How to implement Atlassian Connect JWT and /installed, /uninstall for connect app with

Hello, I’m new to JIRA development. I am building an Atlassian Connect app with I’m stuck at how to implement authentication by jwt and lifecycle (installed, uninstalled, enabled & disabled). I wrote the following in the atlassian-connect.json

"authentication": {
    "type": "jwt"
 "lifecycle": {
    "installed": "/installed",
    "uninstalled": "/uninstalled",
    "enabled": "/enabled",
    "disabled": "/disabled"

I’m not sure what to do in my application regarding lifecycle sub-items. Do I have to create page(s) for “/installed” and rest other items under lifecycle? If yes then what code I should have to write for these callbacks

Any kind of help or guidance on how to do it will be appreciated.



Yes, these lifecycle callbacks must be implemented in your code as REST API routes. To start, you only need the installed route. From documentation about Connect lifecycle:

The installed lifecycle callback is an integral part of the installation process of an app, whereas the remaining lifecycle events are essentially webhooks.

The fundamental “handshake” of the installed hook is to obtain a sharedSecret for each clientKey (see above docs for more explanation of each value). As an initial implementation, you just need a key/value store with an interface like Dictionary<string, string> so you can Add(clientKey, sharedSecret). Starting with an in-memory dictionary is acceptable for dev but will get tedious quickly as all apps are “uninstalled” when the app restarts with a fresh dictionary.

Later, your app will need to look up the sharedSecret to sign JWT tokens for making REST requests. The query string hash is a custom claim so you will need to implement it based on our own specification.

1 Like

A post was split to a new topic: Connect install event is missing shared secret