I have developed some REST APIs and deployed it in my server (say
I have used Spring boot and Atlassian connect starter. Hence I am able to leverage the Spring security (@AuthenticationPrincipal AtlassianHostUser). And I have created the UI for my connect app using some JS framework. My UI is loaded as expected in the iframe as configured in the
atlassian-connect.json. But I can access my REST API only if I have @IgnoreJwt is given. Else JWT token validation fails.
To overcome this, I have to generate the JWT token from the front-end so that the request is accepted by my REST server. Is there any Atlassian provided library or built-in function to generate a JWT signed request to my server?
If not, is there a way to access the “sharedSecret” in my UI code so that I can generate the JWT token?
Finally, if both of the above are not possible, how should I send the sharedSecret to the UI from my REST server (which is persisted in the atlassian_host table automatically)?