How to generate JWT or get shared secret in front-end to access my own REST API server using Atlassian Spring Boot starter?


I have developed some REST APIs and deployed it in my server (say

I have used Spring boot and Atlassian connect starter. Hence I am able to leverage the Spring security (@AuthenticationPrincipal AtlassianHostUser). And I have created the UI for my connect app using some JS framework. My UI is loaded as expected in the iframe as configured in the atlassian-connect.json. But I can access my REST API only if I have @IgnoreJwt is given. Else JWT token validation fails.

To overcome this, I have to generate the JWT token from the front-end so that the request is accepted by my REST server. Is there any Atlassian provided library or built-in function to generate a JWT signed request to my server?

If not, is there a way to access the “sharedSecret” in my UI code so that I can generate the JWT token?

Finally, if both of the above are not possible, how should I send the sharedSecret to the UI from my REST server (which is persisted in the atlassian_host table automatically)?


Atlassian provide a JS method for this purpose:

This retrieves a JWT token, known as a context JWT, which you can use to authenticate as the current user, back to your server.

Then in your server endpoint, I believe you just need to annotate with @ContextJWT