How to secure REST routes using Atlassian Connect Express?

Richard Simko [RefinedWiki] January 22, 2016

In the ACE documentation it's claimed that the {{token}} helper in Handlebars should provide me with a token I can use to secure my REST API. However this doesn't seem to work properly. I've used the approach with HTTP Auth headers:

beforeSend: function (request) {
    request.setRequestHeader("Authorization", "JWT {{token}}");
}

Which gets me a token on the client side. However when I try to send a REST request it fails with the following error:

Authentication verification error: 401 JWT claim did not contain the query string hash (qsh) claim

And if I check the token on the client it has no qsh and no context (I tried putting the token into https://jwt.io and looking at its contents). What gives? Am I supposed to use this partial token to generate my own complete token? If so the documentation should probably be updated.

2 answers

3 votes
Answer accepted
Travis Smith
Rising Star
January 22, 2016

So there are two ways to secure your endpoints in Express. There's addon.authenticate() middleware which does JWT auth (server to server from JIRA), and there's addon.checkValidToken() middleware which handles validating the token in your page. You want to make sure you secure your Express endpoint with the right middleware.

Richard Simko [RefinedWiki] January 22, 2016

THANK YOU! :D I thought I was going mad. Now that you mention it I recognize that from playing around with the Bitbucket plugin. I can also see now that it's mentioned in the documentation. Perhaps make it even clearer so fools like me don't miss it? ;)

Travis Smith
Rising Star
January 22, 2016

I'm sure we can express this more clearly in the docs somewhere. I'll take a look with the team. 

Richard Simko [RefinedWiki] January 22, 2016

Great! Anyways, thanks for the quick reply. Cheers!
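
Added example (not part of the thread and not atlassian-connect-express source): a simplified Node.js model of the two kinds of check named in the accepted answer, showing why a page token with no qsh claim fails a request-bound JWT check yet passes a signature-and-expiry check. The secret, claim values, paths and every function name are constructed for illustration, and the qsh canonicalization is simplified.

```javascript
// Added illustration; simplified model, not atlassian-connect-express code.
const crypto = require('crypto');
const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Sign a compact HS256 JWT.
function signJwt(claims, secret) {
  const data = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${data}.${hmac(data, secret).toString('base64url')}`;
}

// Check signature (always HS256; the header's alg is never trusted) and expiry.
function verifyJwt(token, secret) {
  const [head, body, sig = ''] = String(token).split('.');
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (!(claims.exp > Date.now() / 1000)) throw new Error('expired');
  return claims;
}

// Simplified qsh: SHA-256 hex of "METHOD&path&sorted query", jwt parameter excluded.
function computeQsh(method, pathAndQuery) {
  const url = new URL(pathAndQuery, 'http://addon.invalid'); // placeholder base URL
  const query = [...url.searchParams].filter(([k]) => k !== 'jwt')
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`).sort().join('&');
  return crypto.createHash('sha256').update(`${method.toUpperCase()}&${url.pathname}&${query}`).digest('hex');
}

// Host-to-add-on model: the token must be bound to this exact request through qsh.
function verifyHostRequest(token, secret, method, pathAndQuery) {
  const claims = verifyJwt(token, secret);
  if (!claims.qsh) throw new Error('JWT claim did not contain the query string hash (qsh) claim');
  if (claims.qsh !== computeQsh(method, pathAndQuery)) throw new Error('qsh mismatch');
  return claims;
}
// Page-token model: signature and expiry only; no qsh is expected.
const verifyPageToken = (token, secret) => verifyJwt(token, secret);

function demo() {
  const secret = 'constructed-shared-secret', exp = Math.floor(Date.now() / 1000) + 900;
  const pageToken = signJwt({ iss: 'constructed-client-key', exp }, secret);
  const hostToken = signJwt({ iss: 'constructed-client-key', exp, qsh: computeQsh('GET', '/panel?issue=ABC-1') }, secret);
  const attempt = (fn) => { try { fn(); return 'ok'; } catch (e) { return e.message; } };
  return {
    pageTokenOnHostCheck: attempt(() => verifyHostRequest(pageToken, secret, 'GET', '/rest/items')),
    pageTokenOnPageCheck: attempt(() => verifyPageToken(pageToken, secret)),
    hostTokenOnItsRequest: attempt(() => verifyHostRequest(hostToken, secret, 'GET', '/panel?issue=ABC-1')),
    hostTokenOnOtherRoute: attempt(() => verifyHostRequest(hostToken, secret, 'GET', '/rest/items')),
  };
}
```

Calling demo() returns the outcome of each combination; a request-bound token presented on a different route is rejected with a qsh mismatch, which is the replay protection the qsh claim provides.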

0 votes
Test1 Amzn October 25, 2016

Able to get the result when using curl command in the command line but throws unauthorized exception when tried from build.gradle.

 
