I’m running atlassian-connect-express 7.4.7 with the following:
/atlassian-connect.json
{
...
"lifecycle": {
"installed": "/installed",
"uninstalled": "/uninstalled",
"enabled": "/enabled",
"disabled": "/disabled"
},
"webhooks": [
{
"event": "connect_addon_enabled",
"url": "/webhooks/connect_addon_enabled"
},
{
"event": "connect_addon_disabled",
"url": "/webhooks/connect_addon_disabled"
},
...
],
...
}
/routes/index.js
const onLifecyleEvent = (req, res, next) => {
...
next();
};
// Lifecycle events
app.post("/installed", addon.authenticateInstall(), onLifecyleEvent);
app.post("/uninstalled", addon.authenticateInstall(), onLifecyleEvent);
app.post("/enabled", addon.authenticateInstall(), onLifecyleEvent);
app.post("/disabled", addon.authenticateInstall(), onLifecyleEvent);
// Webhooks e.g. "connect_addon_enabled" or "connect_addon_disabled"
app.post("/rest/webhooks/:event_name", addon.authenticate(), (req, res) => {
res.sendStatus(200);
}
If I run the app in dev, then CTRL+C to stop it, I see the following (in this order):
POST /installed 204 No Content
POST /webhooks/connect_addon_enabled 200 OK
POST /enabled 401 Unauthorized
POST /uninstalled 404 Not Found
POST /webhooks/connect_addon_disabled 200 OK
POST /disabled 401 Unauthorized
The install
lifecycle event & webhooks behave well, but the enabled
, uninstalled
& disabled
lifecycle events are not behaving as expected.
I’ve updated the node_modules/atlassian-jwt/dist/lib/jwt.js
so that the error it throws adds the expected algorithm for these errors:
{} Authentication verification error (401): Invalid JWT: Algorithm from the header "HS256" does not match the expected algorithm "RS256"
Is addon.authenticateInstall()
incorrect for lifecycle events other than installed
or am I missing something else?