Connect install event is missing shared secret

MikeDev · February 3, 2022, 10:41am

I followed the documentation links provided in your reply. I created a rest api route for “/installed” hook. After that I tried to install the app, in the handshake call I saw the user_account_id=xxxxxx in the query string. I thoroughly checked the handshake call but didn’t find the security context/shared secret as mentioned in one of the documented page:

“When an administrator installs the app in an Atlassian cloud instance, Connect initiates an “installation handshake”: it invokes the endpoint, passing a security context. You must then store this security context for future use.”

Not sure where I’m doing wrong. Below is my app descriptor content.

{
  "name": "My App",
  "description": "",
  "key": "com.example.myapp2",
  "baseUrl": "https://1576-122-160-84-18.ngrok.io",
  "vendor": {
    "name": "My App",
    "url": "https://example.com/"
  },
  "authentication": {
    "type": "jwt"
  },
  "lifecycle": {
    "installed": "/api/v1/lifecycle/installed"
  },
  "scopes": ["READ", "WRITE", "DELETE", "ACT_AS_USER", "ADMIN"],
  "apiVersion": 1,
  "modules": {
    "generalPages": [
      {
        "url": "/index?pId=${project.id}&pKey=${project.key}",
        "key": "my-app-overview",
        "icon": {
          "url": "/images/favicon.jpg"
        },
        "location": "system.top.navigation.bar",
        "name": {
          "value": "My App"
        }
      }
    ],
    "jiraIssueContents": [
      {
        "icon": {
          "url": "/images/favicon.jpg"
        },
        "target": {
          "type": "web_panel",
          "url": "/Issue?pId=${project.id}&pKey=${project.key}&iKey=${issue.key}"
        },
        "tooltip": {
          "value": "My App"
        },
        "name": {
          "value": "My App"
        },
        "key": "my-app-jira-issue-panel"
      }
    ]
  }
}

ibuchanan · February 3, 2022, 12:05pm

@MikeDev,

I confirm that’s a valid descriptor for Jira. If you had the authentication type set to none, then I would expect no shared secret. However, you correctly have it as jwt so I can’t explain why that would happen. Can you post the shape of the payload that you are receiving?

MikeDev · February 3, 2022, 2:09pm

This is what I’m getting when JIRA call my / installed route

Http Request Information:
IPAddress: ::1
Method: POST
URL: https://1576-122-160-84-18.ngrok.io/api/v1/lifecycle/installed/v1?user_account_id=xxxxx
Authorization: 
Request Time: 2/3/2022 10:08:26 AM
Request Content Type: 
Request Body: 
Http Response Information:
Content Type: application/json
Status Code: OK
Response Time: 2/3/2022 10:08:26 AM

ibuchanan · February 3, 2022, 3:06pm

@MikeDev,

Sorry if I was not clear, I meant the body of the HTTP request on your installed route. What JSON is your route getting?

MikeDev · February 4, 2022, 3:16pm

After your reply I tried to install few more times to check the request body (payload), but always I get empty request body. Then in my last attempt I hosted my .net core application on azure server and then tried to install the app in JIRA using that hosted application link and guess what I get proper request body (payload) from JIRA connect in installed handshake . So I realized that something was going wrong when I was using ngrok to make my local application available online. Now my problem is solved and I’m getting the proper payload in below format:

{
	"key": "xxxxx",
	"clientKey": "xxxxx",
	"oauthClientId": "xxxxx",
	"publicKey": "xxxxx",
	"sharedSecret": "xxxxx",
	"serverVersion": "xxxxx",
	"pluginsVersion": "xxxxx",
	"baseUrl": "xxxxx",
	"productType": "jira",
	"description": "xxxxx",
	"eventType": "installed"
}