In the ACE documentation it's claimed that the {{token}} helper in Handlebars should provide me with a token I can use to secure my REST API. However, this doesn't seem to work properly. I've used the approach with HTTP Auth headers:
beforeSend: function (request) { request.setRequestHeader("Authorization", "JWT {{token}}"); }
Which gets me a token on the client side. However when I try to send a REST request it fails with the following error:
Authentication verification error: 401 JWT claim did not contain the query string hash (qsh) claim
And if I check the token on the client it has no qsh and no context (I tried putting the token into https://jwt.io and looking at its contents). What gives? Am I supposed to use this partial token to generate my own complete token? If so the documentation should probably be updated.
So there's two ways to secure your endpoints in Express. There's addon.authenticate() middleware which does JWT auth (server to server from JIRA), and there's addon.checkValidToken() middleware which handles validating the token in your page. You want to make sure you secure your Express endpoint with the right middleware.
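The difference between the two checks, as an added example that is not part of the original answer and is not atlassian-connect-express code. checkRequestJwt and checkPageToken are hypothetical stand-ins for what the two middlewares enforce, the qsh computation is a simplified form of the Atlassian Connect canonical request hash, and the secret, path and tokens are constructed sample values.

```javascript
// Added illustration: NOT atlassian-connect-express source, just the two checks side by side.
const crypto = typeof require === 'function' ? require('node:crypto') : process.getBuiltinModule('node:crypto');
const SECRET = 'constructed-shared-secret'; // constructed sample value
const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, key) => crypto.createHmac('sha256', key).update(data).digest();

// Hypothetical helper: mint an HS256 JWT so the example runs offline.
function sign(claims, secret) {
  const body = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${body}.${hmac(body, secret).toString('base64url')}`;
}

// Signature, algorithm and expiry checks shared by both stand-ins below.
function verify(token, secret) {
  const [h, p, sig] = token.split('.');
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(sig || '', 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) throw new Error('bad signature');
  if (JSON.parse(Buffer.from(h, 'base64url')).alg !== 'HS256') throw new Error('unexpected alg');
  const claims = JSON.parse(Buffer.from(p, 'base64url'));
  if (!(claims.exp > Date.now() / 1000)) throw new Error('expired');
  return claims;
}

// Simplified query string hash: SHA-256 of METHOD&path&sorted-query (single-valued params, jwt excluded).
function queryStringHash({ method, path, query }) {
  const q = Object.keys(query).filter((k) => k !== 'jwt').sort()
    .map((k) => `${encodeURIComponent(k)}=${encodeURIComponent(query[k])}`).join('&');
  return crypto.createHash('sha256').update(`${method.toUpperCase()}&${path}&${q}`).digest('hex');
}

// Stand-in for the addon.authenticate() check: the JWT must be bound to this exact request via qsh.
function checkRequestJwt(token, req) {
  const claims = verify(token, SECRET);
  if (!claims.qsh) throw new Error('JWT claim did not contain the query string hash (qsh) claim');
  if (claims.qsh !== queryStringHash(req)) throw new Error('qsh mismatch');
  return claims;
}
// Stand-in for the addon.checkValidToken() check (assumed here: signature and expiry, no qsh).
const checkPageToken = (token) => verify(token, SECRET);
const outcome = (fn) => { try { fn(); return 'ok'; } catch (e) { return e.message; } };

// Constructed sample data: one request and the two kinds of token.
const exp = Math.floor(Date.now() / 1000) + 300;
const req = { method: 'GET', path: '/rest/items', query: { project: 'DEMO' } };
const pageToken = sign({ iss: 'constructed-client-key', exp }, SECRET);
const hostJwt = sign({ iss: 'constructed-client-key', exp, qsh: queryStringHash(req) }, SECRET);
console.log('page token, request-JWT check:', outcome(() => checkRequestJwt(pageToken, req)));
console.log('page token, page-token check: ', outcome(() => checkPageToken(pageToken)));
```

A page token sent to an endpoint guarded by the request-JWT check reproduces the 401 message from the question; the same token passes the page-token check, and a JWT carrying qsh is only accepted for the request it was hashed over.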
THANK YOU! I thought I was going mad. Now that you mention it I recognize that from playing around with the Bitbucket plugin. I can also see now that it's mentioned in the documentation. Perhaps make it even clearer so fools like me don't miss it?
I'm sure we can express this more clearly in the docs somewhere. I'll take a look with the team.
Great! Anyways, thanks for the quick reply. Cheers!
Able to get the result when using curl command in the command line but throws unauthorized exception when tried from build.gradle.