Creating JWT - stuck with 401 error

Irena Sh January 30, 2017

Hello,

I am new to creating JWT manually as we use Atlassian Connect Express for other projects. For this feature need to create JWT manually and I am missing something as all my attempts result with 401.

I have the following information about the user whose JIRA instance I attempt to access:
1. clientKey, as provided on add-on installation (e.g. '10cd8265-22e1-3260-8a12-7125a41970d9')
2. baseUrl, the same (e.g. 'https://local-dev.atlassian.net')
3. userKey, the same (e.g. 'admin')
4. User information saved by Atlassian in the redis DB, includes clientKey, publicKey, sharedSecret and baseUrl
5. path = /rest/api/2/dashboard (JIRA Cloud GET endpoint that does not require additional parameters)

I am using atlassian-jwt package for Node.js to create encode JWT and request-promise package to send the request.

Code:

var moment = require('moment');
var jwt = require('atlassian-jwt');
var request = require('request-promise');

var JWT_TOKEN_VALIDITY_IN_MINUTES = 3;

// Options are (with values specified above):
// {
//     sharedSecret: sharedSecret,
//     clientKey: clientKey,
//     userKey: userKey,
//     path: path,
//     baseUrl: baseUrl
// }
var createJwtPayload = function (req, options) {
    var now = moment().utc();
    var token = {
        "iss": options.clientKey,
        "iat": now.unix(),
        "exp": now.add(JWT_TOKEN_VALIDITY_IN_MINUTES, 'minutes').unix(),
        "qsh": jwt.createQueryStringHash(req),
        "aud": [ options.clientKey ]
    };
    if (options.userKey) {
        token["sub"] = options.userKey;
    }
    return token;
};

function sendRequest(payload, options) {
    var jwtPayload = createJwtPayload({
                'method': 'GET',
                'path'  : options.path
            }, options);
    var jwtToken = jwt.encode(jwtPayload, options.sharedSecret, 'HS256');

    return request({
        method: 'GET',
        uri: options.baseUrl + options.path,
        headers: {
            'Authorization': 'JWT ' + jwtToken
        }
    })
    .then(function(response) {
        ...
    })
    .catch(function(error) {
        ...
    });
}


Any pointer in the right direction will be very appreciated. Can someone proved a working code with proper data example?

Thank you.

Irena

1 answer

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

0 votes
seb
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 30, 2017

Can you provide the error that JIRA is returning when you make the call? It could be that the REST API you are calling is not in scope (it's not listed in our docs). If this is the case, please raise a JIRA issue at https://ecosystem.atlassian.net/browse/ACJIRA

Secondly, if you are trying to make this REST API call as a specific user, then you will need to use a JWT token to exchange for an OAuth 2 Bearer token. Impersonating users via JWT tokens is not allowed. Please read our docs on this here: https://developer.atlassian.com/static/connect/docs/latest/concepts/OAuth2-JWT-Bearer-Token-Authentication.html

TAGS
AUG Leaders

Atlassian Community Events