We have a publicly listed Atlassian Marketplace app/plugin built with https://bitbucket.org/atlassian/atlassian-connect-express/src/master/. Today where we were looking at the database and the application logs we discovered something really strange.
We have 13 apps installation and 12 of the have the same
sharedSecret and one of them have a different one stored.
This is surprising because the documentation says that all the tenants share the same secret.
What is even more strange, the next installation (after the one that has a different shared secret) received the same secret as the preceding installations.
So we have:
This is an extract from the application DB (
What we also observed is that installation
11 was created the same day with a very similar
(btw. may not be related, but worth noting another anomaly: in the installation
https://mazik.personal.atlassian.net while in the description we can see
Atlassian JIRA at https://team-43534534587.atlassian.net)
BTW. It would be great to get some information on when the
sharedSecret can change. F.e. Can it change during the app update or is it safe to assume that it will never change since the installation?