401 Unauthorized in making a JIRA API Request using JWT obtained from Connect App

I am reusing a JWT I got from my Connect app and am trying to make a JIRA API request in Postman to simulate making a request outside of the Connect app using the same JWT the Connect app used when making this request.

I’m getting a 401 Unauthorized Error with these headers:
{
Authorization: JWT ey…
Content-Type: application/json
}

Am I missing something in the headers? Is it possible to authenticate with a token outside the Connect app?

Hi @ArunSoni. Welcome to the dev community. The JWT that you have in hand – where/how was that JWT generated? It’s possible that the claims made on that JWT aren’t lined up with the API call you’re trying to execute via Postman. That being said, I recommend checking out the docs on JWT and generating a new JWT. There’s even a section that walks you through creating one manually.

I’m running this function in my Connect app and reusing this JWT:

AP.context.getToken(function(token){
   console.log("JWT token string", token);
});

This is the same query I’m trying to run in Postman (not sure if that function handles the QSH properly).

I also tried to follow along with this JWT creation guide:
https://bitbucket.org/atlassian/atlassian-jwt-js/src/master/

import * as jwt from "atlassian-jwt";
import moment from "moment";

export function createAtlassianJWT() {
  const now = moment().utc();

  // Simple form of [request](https://npmjs.com/package/request) object
  const req: jwt.Request = jwt.fromMethodAndUrl(
    "GET",
    "/rest/token-auth/3/issue/TES-1"
  );

  const tokenData = {
    iss: clientKey, // Client Key
    iat: now.unix(), // The time the token is generated
    exp: now.add(10, "minutes").unix(), // Token expiry time (recommend 3 minutes after issuing)
    qsh: jwt.createQueryStringHash(req), // [Query String Hash](https://developer.atlassian.com/cloud/jira/platform/understanding-jwt/#a-name-qsh-a-creating-a-query-string-hash)
  };

  const sharedSecret = SHARED_SECRET;

  const token = jwt.encodeSymmetric(tokenData, sharedSecret);
  console.log("Atlassian JWT", token);
}

I’m still getting an Unauthorized (401) error with this token I generate myself.

Hi @ArunSoni ,

The JWT returned by AP.context.getToken() provides tamper-proof context information that can be sent to your app server. This JWT can’t be used for interacting with the Jira REST API. See the cacheable app iframes guide for more information.

To generate a JWT for interacting with the Jira REST API, see the Creating a JWT Token section of the Understanding JWT for Connect apps guide.

Regards,
Dugald
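
The distinction made in the last reply, as an added example that is not part of the thread and not Atlassian's code: a Node.js check that reports why a Connect JWT would not authenticate a given REST call (bad signature, expired, context token, or query string hash mismatch). The function names, the placeholder host and the simplified canonicalisation are assumptions made for this example; it also assumes context tokens carry the fixed `qsh` value `context-qsh`, as Atlassian's Connect documentation describes, and that the shared secret is the one issued to the app at installation.

```javascript
// Added example (not Atlassian's code): why would Jira reject this JWT for this call?
const crypto = require("crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
// RFC 3986 percent-encoding; encodeURIComponent leaves !'()* unescaped.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());

// Query string hash: SHA-256 of "METHOD&path&sorted-query".
// Narrowed case: no context path, no "&" inside the path.
function queryStringHash(method, pathAndQuery) {
  const url = new URL(pathAndQuery, "https://placeholder.invalid");
  const params = new Map();
  for (const [k, v] of url.searchParams) {
    if (k === "jwt") continue; // the jwt parameter is excluded from the hash
    params.set(enc(k), [...(params.get(enc(k)) || []), enc(v)]);
  }
  const query = [...params.keys()].sort()
    .map((k) => `${k}=${params.get(k).sort().join(",")}`).join("&");
  const path = url.pathname.replace(/\/+$/, "") || "/";
  const canonical = `${method.toUpperCase()}&${path}&${query}`;
  return crypto.createHash("sha256").update(canonical).digest("hex");
}

// HS256 signer, used here only to build constructed sample tokens.
function signHs256(claims, secret) {
  const head = b64url(JSON.stringify({ typ: "JWT", alg: "HS256" }));
  const body = b64url(JSON.stringify(claims));
  const mac = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(mac)}`;
}

// Returns the first reason the token fails for the request, or "ok".
function diagnose(token, secret, method, pathAndQuery, nowSec = Math.floor(Date.now() / 1000)) {
  const [head, body, sig = ""] = token.split(".");
  const want = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest();
  const got = Buffer.from(sig, "base64url");
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return "bad-signature";
  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) return "expired";
  if (claims.qsh === "context-qsh") return "context-token"; // not bound to any request
  if (claims.qsh !== queryStringHash(method, pathAndQuery)) return "qsh-mismatch";
  return "ok";
}
```

A token signed for one method and path reports `qsh-mismatch` against any other request, which is the same binding that makes a copied token useless for a different call.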