We’re attempting to switch one of our Dynamic Content Macros to Cacheable app iframes.
(FYI - the app uses atlassian-connect-express@3.2.0
, which should support cacheable iframes)
As a first step, we successfully removed all context params previous passed in the app’s URL (e.g. pageId
, pageVersion
, macroId
), and replaced them with a client-side AP.context.getContext()
call to fetch these params.
Next, we replaced the URL for all.js
to https://connect-cdn.atl-paas.net/all.js, rather than loading from relative to the tenant base URL.
At this point (before enabling the all-important cacheable: true
in our app’s descriptor), we tested the above changes to confirm that the app continues to function as normal, which it does.
As expected, the iframe URL at this point still includes all of the context params (xdm_e
etc.), including the jwt
token used to authenticate the request.
After adding "cacheable": true
into the app descriptor, the iframe URL no longer contains any context params (as expected).
However, our app now fails to load, with the message “Unauthorized: Could not find authentication data on request”.
Looking through the ACE source, this message appears to come from the extractJwtFromRequest()
function, when it fails to find a JWT token in either the query, request body, or authorization
request header.
Obviously we’ve missing something, but we can’t see anything in the Cacheable app iframes guide that we’ve missed.
Any help would be greatly appreciated.