How do I sign my JWT requests for the REST interface?

Hi there, I’ve been working on a python connect implementation on the side I’m not entirely sure what’s going wrong with that approach - possibly the aud field - but I can show you how I’ve done it in the past. I use a combination of the atlassian-jwt library and another called requests-jwt:

import time
import urllib.parse

import requests
import requests_jwt
from atlassian_jwt.url_utils import hash_url as generate_qsh


def qsh(base_url):
    base_path = urllib.parse.urlparse(base_url).path

    def qsh_generator(request):
        relative_path = request.path_url
        if relative_path.startswith(base_path):
            relative_path = relative_path[len(base_path):]
        return generate_qsh(request.method, relative_path)

    return qsh_generator


def iat(*_):
    return int(time.time())


def outgoing_authenticator(base_url, shared_secret, addon_key):
    jwt_auth = requests_jwt.JWTAuth(shared_secret, alg='HS256',
                                    header_format='JWT %s')
    jwt_auth.expire(600)
    jwt_auth.add_field('iat', iat)
    jwt_auth.add_field('iss', addon_key)
    jwt_auth.add_field('qsh', qsh(base_url))
    return jwt_auth

requests.get('https://your-url', auth-outgoing_authenticator(<tenant base url>, <tenant shared secret>, <addon key>))

Hope that’s useful to you. One of these days I’ll publish a library :wink:

3 Likes