Best way to check addon license for requests made from addon's page

Berkayztrk · September 14, 2020, 10:37am

Hi,

We are developing an addon using AC-SpringBoot and I have some questions regarding license check.

1- We want to check if the addon’s license is valid for every request made to our server from our addon’s pages. We can get the license status by sending a request to GET /rest/atlassian-connect/1/addons/{addonKey} on the server-side, but this process takes 200-300 ms - which is too much for us. Is there a faster method? (“lic” context parameter does not work for us since it is sent only when the page is opening.)

2- If we add the “addon_is_licensed” condition to atlassian-connect.json for the corresponding page, the license check is handled by Jira when opening the page. But if the page is opened while the license is valid, the requests made after the license expires get “Uncaught Error: ACJS: Cannot get token. Add-on does not support JWT authentication” error (We use AP.context.getToken for every request made from the client). Is this error due to the license condition we added? Does Jira stop refreshing JWT’s when the license becomes invalid and the app descriptor has license condition for the corresponding page? Can we trust JWT for license check?

Thanks in advance,
Berkay

RaimisJ · September 14, 2020, 11:09am

You can also use lic parameter from referrer header.

Berkayztrk · September 14, 2020, 12:13pm

I didn’t know that, thanks, but I think there is still a problem: If the license expires while the page is open, “lic” parameter is not updated without refreshing the page. Thus, it is still not useful for us.

epehrson · September 16, 2020, 8:45am

@Berkayztrk when using AP.context.getToken(), you can use the "license" field of the JWT token payload to verify the license state (see Context information format).

Obtaining that field currently in atlassian-connect-spring-boot is rather cumbersome, however, so it sounds like ACSPRING-88 would help you.

if the page is opened while the license is valid, the requests made after the license expires get “Uncaught Error: ACJS: Cannot get token…"

You mean if the license expires while the user has a browser open with an app iframe on it? Context token retrieval should not depend on the license state in any way, so I imagine the cause is something else.

Berkayztrk · September 14, 2020, 4:58pm

when using AP.context.getToken() , you can use the "license" field of the JWT token payload to verify the license state

Thanks. I’ll try this.

You mean if the license expires while the user has a browser open with an app iframe on it?

Yes, that’s correct.

I am doing tests using Access Tokens and whenever I change the license status to inactive, I get this error. I thought it is somehow related to the way that Jira handles Connect app licenses.

Berkayztrk · September 16, 2020, 8:45am

@epehrson

"license" field of the JWT token worked for me, thank you.

I had to manually parse the JWT to get the license field. This process will be easier once ACSPRING-88 is completed, but until then I have to stick with this method.