Forge appToken requests to Confluence from a Connect remote?

Forge Adopting Forge from Connect
, ,
1

We’re migrating a Connect app to Forge Remote and need clarification on the getForgeAppToken() documentation.

Current State:

  • Migrating modules to Forge while keeping Connect /installed lifecycle (which includes sharedSecret in payload)
  • Using authenticateForge() + associateConnect() strategy
  • Then using ACE’s http client to make requests using sharedSecret JWT generation

The ACE docs state:
“If you are making a request in response to an invocation which did not come from Forge, have the appropriate installation ID, and would like to make a request to Atlassian APIs, you can retrieve the app token using addon.getForgeAppToken(installationId).”

From ACE source code, it appears as if tokens are only cached during Forge requests:

verify-forge-invocation-token.js - only runs on Forge requests
await addon.forgeAppTokenCache.setForgeAppToken(installationId, appToken, apiBaseUrl)

forge-app-token-cache.js - only retrieves cached tokens
async getForgeAppToken(installationId) => this.addon.settings.forForgeInstallation(installationId).get(“appToken”)

Question:

Does getForgeAppToken(installationId) only work AFTER at least one Forge request has cached tokens for that installation?

Or, for Connect requests (no Forge requests yet), will getForgeAppToken() always return null?

Use Case:
If we want to use getForgeAppToken() to make requests to the host product from our backend (server, background jobs triggered by webhooks, & queued long running tasks), will we need to migrate all usages of ACE’s http client over to this before migrating the /installed lifecycle event?

Otherwise, before migrating the lifecycle event, are we able to leverage https://developer.atlassian.com/platform/forge/remote/calling-product-apis/ offline user impersonation to achieve the same? (considering requests may come from Forge or Connect contexts while modules are being migrated)

Is the documentation wrong, as it suggests we can make requests to the host product using the Forge appToken by pulling the token from the cache even when the original request source is a Connect module?

Thanks

Cross-App Requests in Jira and Confluence after migration to forge
2

Hi @JeromeParramore ,

Does getForgeAppToken(installationId) only work AFTER at least one Forge request has cached tokens for that installation?

Yes this is correct. You need at least 1 forge remote request to an endpoint that uses the authenticateForge middleware for the tokens to be cached.

If you want to reliably make product API requests using your forge appToken from Connect requests, I would suggest following the guide you’ve linked and set up an hourly scheduled trigger to regularly receive and cache the appToken.

Hope that helps!

1 Like
3

@SerenaWang thank you for contributing. Once we have fully migrated from connect to forge (ie. no more connect modules), will the associateConnect() approach for callbacks to the API still work for new installs?

Thank you
Chris

1 Like
4

This topic was automatically closed after 30 days. New replies are no longer allowed.