Dynamic baseUrl


#1

I’m developing an app to connect Rocket.Chat and Jira, we have almost everything done but we found a problem trying to solve the marketplace listing.

We are an open source software what means people can run our software wherever they want, that requires our app to point to the instance dynamically and the connect manifest only allows us to define a fixed and pre defined base url.

What I was looking for was a way to call the jira installation in a certain URL where I could pass the URL from where the manifest is located to be installed.

The way we are doing now is telling the users to enable the developer mode in their jira installations to be able to install the add on via URL manually but I don’t think it’s the best way to have the installation process.

Do you have any ideas?

Thanks.

Rodrigo Nascimento, CTO @ Rocket.Chat


#2

Ugh. Yeah don’t tell people to enable developer mode. It opens them up for various attacks (only secure app to install is from the marketplace).

My suggestion would be for you to create a standalone web app that you can the users do a ping back to it after do they the installation of the connect app (and for it to perform some type of handshake).


#3

Like a gateway or proxy?

Is there some way to pass parameters to the manifest URL when installing it? That way I could return the manifest dynamically and point the hooks directly to the server.


#4

Kinda. The descriptor is static so you can’t play with any magic there.

That said - if you stand up a central service and have a descriptor that contains (have it as a public listing):

 "webItems":
    [
      {
        "key": "secure-redirect",
        "location": "not-really-there"
        "name":
        {
          "value": "My redirect"
        },
        "url": "/redirect?param=${ac.token}",


        "conditions": [
          {
                "condition": "user_is_admin"
           } 
        ]
      }

Then you can have Rocket.Chat ask your user for their Atlassian Cloud base url (ie https://myinstance.atlassian.net) and then send them to https://[instance].atlassian.net/plugins/servlet/ac-redirect/[your-plugin-key]/secure-redirect?token=[sometoken]. The Jira instance will verify that they’re an admin and if they are then kick them to your Atlassian connect app with a confirmed jwt token and the param parameter with the contents of the token that you sent in. The token parameter can be whatever you want (you could have say - the base url of the Rocket.Chat application in there).

One of the benefits of this is that the end users can actually have multiple Rocket.Chat instances installed in their app.


#5

@danielwester thanks it sounds interesting.

Does this need to be performed after the app installation right?