Internal Pages and Ajax Requests

sss44 March 6, 2015

I'm trying to make internal ajax requests to pages inside of my plugin but I'd like to be able to authenticate these requests. 

I read here, https://bitbucket.org/atlassian/atlassian-connect-express  that:

In order to secure your route, the token must be part of the HTTP request back to the add-on service. This can be done by using the standard jwt query parameter:
 

<a href="/protected-resource?jwt={{token}}">See more</a>

The second option is to use the Authorization HTTP header, e.g. for AJAX requests:

beforeSend: function (request) {
    request.setRequestHeader("Authorization", "JWT {{token}}");
}

You can embed the token anywhere in your iframe content using the token content variable. For example, you can embed it in a meta tag, from where it can later be read by a script:

I've been having a few issues with this approach as described on these pages:
  1. {{token}} is not available in my templates. Using {{token}} usually results in an empty string being displayed. 
  2. I've tried manually setting token by using token : req.query.jwt and appending it to a link and my ajax requests as shown ie ?jwt={{token}} such that I get url's that look like:

    http://localhost:3000/test2?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0MjU2NzIyMzEsInN1YiI6ImFkbWluIiwiaXNzIjoiamlyYTpjNzNlOTljNi01MjM1LTQ5ZTQtOTgwMC01NDY4Yjk2YjU3ZDUiLCJxc2giOiJkM2MwM2I4MWUxMDBjOTNiMDFhODBmY2NmM2NiMDg0ZjQ5YWNkODdhNTY3NDJjODI4NTUyMmU0YzliZDc0NzNmIiwiaWF0IjoxNDI1NjcyMDUxfQ._djZ4YEKCumcPrcaAUwiJvDT-LyKk3Wfz-FG6jQZbnQ 

All the same though when accessing the url I get a 401 error and in my nodejs logs see the following:
Authentication verification error: 401 Could not find stored client data for jira:c73e99c6-5235-49e4-9800-5468b96b57d5. Is this client registered? 
My code is:

app.get('/index', function (req, res) {
res.render('index', {
title: 'uDo Time Sheets',
token : req.query.jwt
});
});

 

app.get('/test2', addon.checkValidToken(),
function(req, res){
res.send(400);
}
);

I'm sure I'm missing something very basic, just not sure what. Any help would be appreciated. 

4 answers

1 accepted

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

0 votes
Answer accepted
sss44 March 9, 2015

I found my error unrelated to the code above rather 2 issues:

Removing my /installed post handler and ensuring that my whitelist  contained localhost:2990 as opposed to just *.localhost helped solve my issues. Removing whitelist altogether from config.php in development also works. 

 

2 votes
Christopher Whittington
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 9, 2015

Hi Shinda,

I made an example add-on for this a while back.

Please try the example here: https://bitbucket.org/cjwhittington/hashexample/src

sss44 March 9, 2015

@Christopher Whittington Thank you for that sample, comparing it to what I had helped me identify my issues, highlighted in my answers.

Hari Prasath P January 21, 2019

Hi @Christopher Whittington @sss44,

I am able to access token in home page of my add-on. But, when I redirect to another page using AP.navigator.go(), then I couldn't get the JWT token there(in the redirected page). When I inspect, content in the meta tag is empty. 

<meta name="token" content=""/>

How can I access the token in the redirected page?

1 vote
Nadir MEZIANI
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 6, 2015

Hello, I have the same problem Please let know if it will be resolved

0 votes
Joy M March 14, 2018

Its a token issue. You have to append the token to the url properly.

Nadir MEZIANI
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 14, 2018

Hi,

could you tell me how to append it ?

Thanks

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

TAGS
AUG Leaders

Atlassian Community Events