Expired JWT, clock draft?

I developed an addon based on atlassian connect express,

  • in dev mode : token expired after 15 min (can see that on decode token and compare iat and exp)
  • in my 2 tests instances, i install the addon : token expired after 3 min
    submitted my addon to be approved, after install by atlassian, when they want to access addon they have “Token is expired”
    i can generate this case in dev mode when i change my clock (wrong time)
    i think is a clock problem between my server where i deployed the addon (heroku) and atlassian server instance, but no idea haw to resolve that
    does some one have any idea?

Which token are you talking about? In what situation does it expire?

The ace tutorial uses hbs helpers to inject a jwt token into the page. This token might time out after a certain time. To get an up to date token you should take a look at the AP api. https://developer.atlassian.com/cloud/confluence/jsapi/context/

@Kilian.B Hi,

the addon is a space tool tab, the issue of unauthorized is when access the space tool
// here
module.exports = function (app, addon) {
app.get(’/space-tools-tab’, addon.authenticate(), (req, res) => {
// some code
it’s about token in addon.authenticate() function,
for me, dev is ok and i test install in other instance and it’s ok
but atlassian staff, on test addon, they have message “not authorized” when access the space tool tabs, i am thinking is about clock draft may be?