Sometime on March 10, 10-20 connect app shared secrets stopped working and all requests for those tokens started throwing 401 Unauthorized. The issue occurred randomly in our user base with some users having had no problems for the previous year and some immediately encountering the issue on sign up. Was there any change on on the API, Connect Apps, or Atlassian that rolled out at that time that could have caused these issues.
Atlassian is currently rolling out new sharedSecrets for each app & instance in an effort to move away from single sharedSecret to per-app / per-tenant shared secrets. You will probably have received new installed lifecycle events. It is absolutely paramount that your app is capable of receiving these updated sharedSecrets, i.e. that your code supports updated client information whenever a lifecycle event occurs. Could it be that you are currently not handling these updates in your app?
Yes, like @remie mentioned, we are moving towards the per installation sharedSecret as described here.
If you are still handling it as a per app secret in your app, you would get this 401s status in you response.
If you still need to adjust your code and are having trouble with this, please feel free to reach out to us by creating a Developer Support Ticket.
Edit: That last bit was on us. The new shared secrets are working I just forgot to decrypt something. thanks for the help. All resoved!
Thank you both!
Our connect app was always handled tokens on a per tenant basis, even during the per-app period. We store all inbound /installed payloads but did not have logic built to automatically update them. Today, in the process of testing a new code path to handle these swaps automatically, we replaced some older shared_secrets with the most recent payloads. However, we are still encountering 401 Unauthorized errors after this swap. Can we somehow request a new shared_secret for our customers without them uninstalling/re-installing our app OR is there some way to get the new shared_secrets working.