After migrating to context-qsh apps fail to install

jerry.laster · June 7, 2021, 6:01pm

Hi,
My apps started to fail today with the following errors:

Authentication verification error (401): Invalid JWT: Algorithm from the header “RS256” does not match
Installation verification error: 401 clientKey in install payload did not match authenticated client

Was there something I miss? I don’t have a handler for Installed. Should I add one? Is anyone else seeing this?

atlassian-connect-express": "^7.1.3
“apiMigrations”: {
“gdpr”: true,
“context-qsh”: true
},

app.post(’/enabled’, addon.authenticate(true), function (req, res)

This is preventing new installations from the marketplace, my dev environment is working. All my existing users were able to reinstall without errors.

Thanks
Jerry

maciej.dudziak · June 7, 2021, 6:39pm

Yeah, I suggest rollback to 6.6.0 which works

jerry.laster · June 7, 2021, 6:54pm

That worked. Thanks!

HanjooSong · June 7, 2021, 11:16pm

Hi, thanks for reporting this issue. New version v7.1.4 has been patched.
This should fix the underlying issue with clientKey being overwritten by audience claim during installation lifecycle event handling.

AndyJames · June 8, 2021, 5:28pm

Hi!
Having the same issue, but using atlassian-connect-spring-boot
The client cannot install the plugins. The’ve uninstalled right away. Started to happen with migration to qsh.
Any workarounds?

HanjooSong · June 9, 2021, 4:41am

Hi @AndyJames
As far as I know, atlassian-connect-spring-boot has not yet been released with the same change that has affected atlassian-connect-js. If you can create a DEVHELP ticket with more detail about the failing install we can take more look in detail.
(I could not find anything noticeable with atlassian-connect-spring-boot installs for the last few days.)

AndyJames · June 9, 2021, 8:09am

Do you have any hints on where we can check it?
We have 2 plugins and see the same behaviour for both. We did migrations with 2w break, now we’re almost sure that it’s somehow connected, as we firstly updated one plugin and started getting complains, then the second one and same things for it.
Also what’s strange, that we have it for 10-15% of installs, but not for all of them.

UPD: As a workaround we give customer a link with token then ask to start a trial after successful installation. Maybe it somehow can help with the investigation.