
Authenticating client REST calls in Connect

Richard Simko [RefinedWiki] November 2, 2015

I'm trying to develop a Connect add-on but I'm at a loss when it comes to authenticating the client's REST calls to my add-on. I'm using Atlassian Connect Express and node.js as my server so I was expecting this feature to be available, but due to the lack of documentation I've had a hard time finding it.

I've read about JWT; however, all the documentation seems to be centered around authenticating the add-on when communicating with the host application (Bitbucket Cloud in my case). However, when viewing other Bitbucket add-ons they seem to use JWT as well, so I'm wondering if anyone has an example of how this should be done?

2 answers


1 vote
Answer accepted
Richard Simko [RefinedWiki] November 3, 2015

It turned out that I was using 

addon.authenticate()

instead of

addon.checkValidToken()

in my node.js methods. Changing that seems to have fixed it.

2 votes
James Hazelwood
Atlassian Team
November 3, 2015

Hi Richard, it's buried a fair way down in the README.md but a recipe for host -> addon service communication is here. In essence:

A token variable will be available in the context of your mustache template - put it on the page somewhere, e.g.:

<meta name="token" content="{{token}}">

Provide this token in a header or as part of the query string when calling back to the add-on (see the link above for more info). E.g. for a jQuery AJAX call:

beforeSend: function (request) {
    request.setRequestHeader("Authorization", "JWT {{token}}");
}

In the route that handles this call, use addon.checkValidToken() (instead of addon.authenticate())

Richard Simko [RefinedWiki] November 3, 2015

Thanks for the reply! I was on the right track but I used .authenticate() instead of .checkValidToken().

Richard Simko [RefinedWiki] November 4, 2015

Just a quick follow-up question, is there any way to determine who the user sending the request is or does the token only prove that the request is valid?

Robert Massaioli _Atlassian_
Atlassian Team
November 4, 2015

There should be a "user" param in the query params along with the JWT token. That should have the user-key of the user that is sending the request.

Richard Simko [RefinedWiki] November 4, 2015

Sadly it's missing in Bitbucket's Connect implementation. AP.getUser doesn't work there so I had to solve it with a simple REST call to the API's /user endpoint.
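
What a token check on the add-on route has to establish for the `Authorization: JWT <token>` header discussed in this thread, as an added example that is not part of the thread and is not atlassian-connect-express's own code. The helper names `signToken` and `verifyAuthHeader`, the HS256 algorithm, the secret and the claims are assumptions constructed for illustration.

```javascript
// Added illustration: a stand-alone sketch of validating "Authorization: JWT <token>".
// Not the library's implementation; secret and claims below are constructed samples.
const crypto = require("crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (secret, data) => crypto.createHmac("sha256", secret).update(data).digest();

// Build an HS256 token, standing in for the value rendered into {{token}}.
function signToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(hmac(secret, `${head}.${body}`))}`;
}

// Verify the header value; return the claims or throw with a reason.
function verifyAuthHeader(headerValue, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const m = /^JWT (\S+)$/.exec(headerValue || "");
  if (!m) throw new Error("missing or malformed Authorization header");
  const parts = m[1].split(".");
  if (parts.length !== 3) throw new Error("token is not a three-part JWT");
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    throw new Error("undecodable token");
  }
  // Pin the algorithm on the server side; a token must not choose its own (e.g. "none").
  if (header.alg !== "HS256") throw new Error("unexpected alg");
  const expected = hmac(secret, `${head}.${body}`);
  const given = Buffer.from(sig, "base64url");
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  // Tokens embedded in a page should be short-lived; reject missing or past expiry.
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("token expired");
  return claims;
}

// Constructed demo values: a token valid for five minutes from now.
const DEMO_SECRET = "constructed-shared-secret";
const demoToken = signToken(
  { iss: "constructed-client-key", exp: Math.floor(Date.now() / 1000) + 300 }, DEMO_SECRET);
console.log(verifyAuthHeader(`JWT ${demoToken}`, DEMO_SECRET));
```

A valid signature only shows the token was issued by a holder of the secret and has not expired; any identity information is limited to whatever claims the issuer placed in it.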
