After migrating to context-qsh apps fail to install

Hi,
My apps started to fail today with the following errors:

Authentication verification error (401): Invalid JWT: Algorithm from the header “RS256” does not match
Installation verification error: 401 clientKey in install payload did not match authenticated client

Was there something I miss? I don’t have a handler for Installed. Should I add one? Is anyone else seeing this?

atlassian-connect-express": "^7.1.3
“apiMigrations”: {
“gdpr”: true,
“context-qsh”: true
},

app.post(’/enabled’, addon.authenticate(true), function (req, res)

This is preventing new installations from the marketplace, my dev environment is working. All my existing users were able to reinstall without errors.

Thanks
Jerry

1 Like

Yeah, I suggest rollback to 6.6.0 which works

3 Likes

That worked. Thanks!

Hi, thanks for reporting this issue. New version v7.1.4 has been patched.
This should fix the underlying issue with clientKey being overwritten by audience claim during installation lifecycle event handling.

2 Likes

Hi!
Having the same issue, but using atlassian-connect-spring-boot
The client cannot install the plugins. The’ve uninstalled right away. Started to happen with migration to qsh.
Any workarounds?

Hi @AndyJames
As far as I know, atlassian-connect-spring-boot has not yet been released with the same change that has affected atlassian-connect-js. If you can create a DEVHELP ticket with more detail about the failing install we can take more look in detail.
(I could not find anything noticeable with atlassian-connect-spring-boot installs for the last few days.)

Do you have any hints on where we can check it?
We have 2 plugins and see the same behaviour for both. We did migrations with 2w break, now we’re almost sure that it’s somehow connected, as we firstly updated one plugin and started getting complains, then the second one and same things for it.
Also what’s strange, that we have it for 10-15% of installs, but not for all of them.

UPD: As a workaround we give customer a link with token then ask to start a trial after successful installation. Maybe it somehow can help with the investigation.