for the app development I use Connect apps with
We also use
jwt authentication and our apps provide a project’s sidebar link for the app.
Internally, jira loads the app within the project scope for example like so:
And here’s the problem.
The JWT token appended to the URL does not change automatically. However, if our user is having the app (from the project sidebar) opened for example for 3 hours, during that time the JWT token expires.
In my experience, Jira seems to automatically reload the iframe inside which the app resides.
It reloads it with the same URL and the already expired token. This means that the JWT token provided by the URL is no longer valid. We on our servers validate the JWT token from URL, which results in the app not being displayed.
Our users has to refresh the browser window, so as the new JWT token is generated in the iframe’s URL.
I need to note that such behaviour I haven’t seen on many Jira instances, maybe just a few of them - that Jira would be automatically refreshing iframes.
Did anybody encounter similar issue and would would be a probable solution?