401 Unauthorized with jwt

Hello everyone,
I am very new to jira plugin development and I am trying build a plugin using jwt token. I am able to generate the jwt token successful and the signature is also verified (I checked it from https://jwt.io/ ) however, when I make a call with the jwt token I got a 401 response.

To test it out I try to access the following url from my bowser:


and it shows the 401 response.

Can anyone tell me what is wrong i am trying here.

Sorry for the very novice question. But I will really appreciate if you show me some light to more forward.

Hi @monjur - there’s plenty of things that could be contributing to this problem… so, perhaps start from the start. How did you generate the JWT? (following the Java example? using the atlassian-jwt library from NPM?)

And by the way, not a novice question. All this auth still makes me feel like a n00b.

Thanks @nmansilla for your reply. I actually figured it out. The application-properties cannot be accessed by app, and that was the problem. However, I am using firebase/jwt php to generate the token and it was generating successfully. later I tried to extract an issue and I was successful for that.

Thanks for responding.

1 Like

Doh, should have looked at what method you were calling. Well, good on ya for coming up with the answer to your own question.

Hi there
I am trying something similar … Also my first time working on Connect Apps. Here is a sample code I am using. I am running this locally and on my Test server … and both returns a 401.



use \Firebase\JWT\JWT;

$key = 'test-key-used-in-app-desc';
$iat = (int) time();
$exp = $iat + 3600;
$sec = 'URiDszs6dEQZeTrBRc5H1FwIbdoVnvYmVlgsSIAqduji5NUndVFwvtin0XawuJWa6wLcOoBbUvbinkJCqMTChe';
$method = 'GET';
$baseUrl = 'https://xxx.atlassian.net';
$path = '/rest/api/3/search';
$qs = str_replace('?', '&', '?maxResults=100');
$qshStr = $method.'&'.$path.'&'.substr($qs, 1);
$qsh = hash('sha256', $qshStr);
$claims = array
	"iss" => $key,
	"exp" => $exp,
	"iat" => $iat,
	"qsh" => $qsh

$jwtToken = JWT::encode($claims, $sec);
$apiUrl = $baseUrl.$path.'?jwt='.$jwtToken;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $apiUrl);
curl_setopt($ch, CURLOPT_HTTPGET, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json', 'Accept: application/json'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($ch);
echo '<pre>';print_r(json_decode($curl_response, true));echo'</pre>';

Please advise where I am going wrong?