401 Authorization Error for Requests Made with JWT Authentication

EnyiomaOsondu · September 24, 2020, 7:04pm

Hello. I’m attempting to build a Confluence Cloud connect application which accesses some resources related to the instance of confluence it’s installed on. This application is being built with Django if that’s of any consequence. To make create the Authorization header, I’m making use of a library named atlassian-jwt.

I try to get groups - /wiki/rest/api/group

To generate the token I’m passing in (GET, https://my-domain.atlassian.net/wiki/rest/api/group, my-connect-app-key, shared-secret) into the encode_token function from the library above.

Whenever I make the request with the header Authorization: JWT <generated_token>, I get a 401 error. This error occurs for any resource I try to retrieve, not just groups. I’m now wondering if I have missed anything. This issue I’m having seems to be particular to Confluence as I have done the same for Jira and it works seamlessly.

Would be glad to receive any help I can get. Thanks in advance!

remie · September 24, 2020, 7:41pm

The most common reason for this is that you’re not generating the correct Query String Hash: https://developer.atlassian.com/cloud/bitbucket/query-string-hash/

james.dellow · September 27, 2020, 3:50am

Why are you making the request with the header Authorization: JWT <generated_token> and not just appending it as part of the query in the GET request?

remie · September 27, 2020, 7:15am

Does it make a difference?

james.dellow · September 28, 2020, 2:45am

I assume not, but he said:

This issue I’m having seems to be particular to Confluence as I have done the same for Jira and it works seamlessly.

A minimal GET request like /rest/api/user?jwt=whateverthetokenis should be easy to test.

EnyiomaOsondu · October 19, 2020, 11:37pm

You were right! The library I was using to generate the token did not account for Confluence. It included /wiki in the canonical URI. What I did was to pass in https://my-domain.atlassian.net/rest/some/path instead of https://my-domain.atlassian.net/wiki/rest/some/path and that solved my issue.

gazeldx · December 10, 2020, 10:44am

I finally got the reason.
For me the problem is the clientKey. I thought it is the clientKey of Atlassian tenant. But actually, it is the key defined in your descriptor. It is add-on’s key, which is defined by developer himself (probably you), like: ‘key’: f’com.yourcompany.jira.dev’.

token = atlassian_jwt.encode_token(
            'GET',
            relative_url,
            clientKey='It_Is_Not_A_Value_Different_For_Each_Tenant_It_IS_A_Fixed_Value',
            sharedSecret=self.shared_secret,
        )