I'm trying to develop a connect add-on but I'm at a loss when it comes to authenticating the client's REST calls to my add-on. I'm using Atlassian Connect Express and node.js as my server so I was expecting this feature to be available but due to the lack of documentation I've had a hard time finding it.
I've read about JWT; however, all the documentation seems to be centered around authenticating the add-on when communicating with the host application (Bitbucket Cloud in my case). However, when viewing other Bitbucket add-ons they seem to use JWT as well, so I'm wondering if anyone has an example of how this should be done?
It turned out that I was using addon.authenticate() instead of addon.checkValidToken() in my node.js methods. Changing that seems to have fixed it.
Hi Richard, it's buried a fair way down in the README.md but a recipe for host -> addon service communication is here. In essence:
A token variable will be available in the context of your mustache template - put it on the page somewhere, e.g.:
<meta name="token" content="{{token}}">
Provide this token in a header or as part of the query string when calling back to the add-on (see the link above for more info), e.g. for a jQuery AJAX call:
beforeSend: function (request) { request.setRequestHeader("Authorization", "JWT {{token}}"); }
In the route that handles this call, use addon.checkValidToken() (instead of addon.authenticate())
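What a route has to establish before trusting the "Authorization: JWT <token>" header from the answer above, shown as an added Node.js example (not code from this thread or from atlassian-connect-express). It assumes an HS256 token; the secret, claims and function names are constructed for the demo, and in an ACE add-on addon.checkValidToken() is the middleware to use.

```javascript
const crypto = require('crypto');

// Constructed demo secret; a real add-on uses the secret stored at install time.
const SHARED_SECRET = 'constructed-demo-secret';
const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Build an HS256 token (stands in for the {{token}} rendered into the page).
function signToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Verify an "Authorization: JWT <token>" header value. Returns the claims or throws.
function verifyAuthHeader(headerValue, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const match = /^JWT ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(headerValue || '');
  if (!match) throw new Error('malformed Authorization header');
  const [, head, body, sig] = match;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
    if (!header || !claims) throw new Error('empty segment');
  } catch { throw new Error('malformed token'); }
  // Pin the algorithm: the token must not choose it (rejects "alg": "none").
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) throw new Error('token expired');
  return claims;
}
```

A token that passes these checks proves the request came from a page the add-on rendered for that installation; it does not by itself say which user clicked, which is the point of the follow-up question below.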
Thanks for the reply! I was on the right track but I used .authenticate() instead of .checkValidToken().
Just a quick follow-up question, is there any way to determine who the user sending the request is or does the token only prove that the request is valid?
There should be a "user" param in the query params along with the JWT token. That should have the user-key of the user that is sending the request.
Sadly it's missing in Bitbucket's Connect implementation. AP.getUser doesn't work there so I had to solve it with a simple REST call to the API's /user endpoint.