Hi @remie ,
I believe the caching of public key was discussed in another post was discussed in another topic, but let me just reiterate here that mentioning it in the post was probably a mistake from our side. The CDN should be very reliable, the same CDN is used for the frontend assets of the actual products so if the CDN is down the products themselves will be broken and nobody will be able to install apps anyways.
Apologies in advance as this is going to be a long reply. The TL/DR is that we actually have not decided not to expose a single shared secret on app management, the current signed install was introduced as a quick fix to provide better security while we move Connect over to our new internal platform.
There’s a couple of reasons why exposing the secret in is not as simple as it might seem. First of them is historical reasons. The Atlassian cloud was originally implemented as multiple independent virtual machines, which were completely separated from each other. In reality behind the scenes you don’t actually have a single app, every single installation of the app is completely separate and they just happen to share the same descriptor. We’re working on moving to a more centralized system, but it will take some time.
Another reason is that you can also install apps that are not listed on marketplace. If we wanted to have a solution for single shared it would also have to work for the apps that are not on marketplace, so it couldn’t be implemented there. We would have to use some other system, like the app management you use for 3LO and Forge apps in developer.atlassian.com. Again in order for this work we will need to move Connect apps to our new platform.
The good news is that moving Connect apps to the new platform is actually going to happen as part of the Connect-Forge harmonization project (more information here: Introducing alpha support for adding Forge to your existing Connect app). We are at the moment internally discussing how authentication should work for Connect apps that have moved over to the new platform (ie. harmonized) and also how Forge remote compute (a way for Forge apps to integrate with services running outside Atlassian infrastructure) should work. A single shared secret is definitely one of the options we are considering, at least for some subset of apps.
We’re likely to share some early thoughts around the topic with the vendors to get some feedback soon, and would be happy to include you in the discussion.
Let me know if you have any further questions around this.