Expired JWT, clock draft?

souha · December 22, 2020, 4:29pm

hi,
I developed an addon based on atlassian connect express,

in dev mode : token expired after 15 min (can see that on decode token and compare iat and exp)
in my 2 tests instances, i install the addon : token expired after 3 min
submitted my addon to be approved, after install by atlassian, when they want to access addon they have “Token is expired”
i can generate this case in dev mode when i change my clock (wrong time)
i think is a clock problem between my server where i deployed the addon (heroku) and atlassian server instance, but no idea haw to resolve that
does some one have any idea?
thanks

Kilian.B · December 26, 2020, 12:16pm

Which token are you talking about? In what situation does it expire?

The ace tutorial uses hbs helpers to inject a jwt token into the page. This token might time out after a certain time. To get an up to date token you should take a look at the AP api. https://developer.atlassian.com/cloud/confluence/jsapi/context/

souha · January 19, 2021, 1:45pm

@Kilian.B Hi,

the addon is a space tool tab, the issue of unauthorized is when access the space tool
// here
module.exports = function (app, addon) {
app.get(’/space-tools-tab’, addon.authenticate(), (req, res) => {
// some code
}
);
}
it’s about token in addon.authenticate() function,
for me, dev is ok and i test install in other instance and it’s ok
but atlassian staff, on test addon, they have message “not authorized” when access the space tool tabs, i am thinking is about clock draft may be?

Souha