Handling first installation

as documentation says on first installation Jira would not send any JWT tokens for costumer. How my app supposed to act in this scenario? Why is first install callback request empty?

Can you elaborate a bit on what you mean with “first install”? Do you mean the Installation handshake?

It would help if you would post a link to the documentation you’re referring to, this will help us give you a good explanation.

I’m refering to this doc page:

There is a table with some scenarios, and one of them is on first installation:

None; no JWT token. Because there was no previous shared secret the recipient cannot validate a JWT token. This means that you should anticipate that there will be no Authorization header present.

I tested this behavior again and found out that they steel send secret key, so that means that i only cant verify response from Jira.

If you want to verify the payload, you can actually do a request to the Jira Cloud instance using the client ID and shared secret to generate a JWT token. If you are able to successfully connect, you will know the payload is valid.