Hi, I have two Jira cloud addons (A, B) created using ac-spring-boot. my addon A has a rest API that is implemented to fetch data from a database not related to Jira but related to my addon, this API will be called from addon B or from a web java spring boot app. So if in addon A I annotated my rest API with @IgnoreJwt, addon B can call this API. But I want this API to be secured so how can I generate JWT from the addon B side that can call a secure API from addon A.
@HusseinFares I’m not sure if you are suggesting to use Atlassian Connect’s JWT format for communication between your apps. If so, I would recommend you to avoid that.
You could use a different JWT format for communication between your apps, but atlassian-connect-spring-boot doesn’t explicitly support that use case, so you would need to rely on the authentication scheme of the
Authorization header to distinguish the two.
If you can, I would rather suggest that you use some different method of authenticating that communication.
Hi @epehrson, for brainstorming and discussing why my cloud addon will have two JWT implementations one for Jira addon and the other to secure my own API. If I use to implement WebSecurityConfigurerAdapter to use basic authentication for example and then I apply this authentication only to one API that generates Atlassian Connect JWT for addon B using “com.atlassian.connect.spring.internal.request.jwt.JwtBuilder”. So both addons A, B can call other API’s and I avoid using @IgnoreJwt, and only I will have one JWT Authorization. My case is that I want addon A API to be used by A, B.