Installing App Fails with Atlassian Connect Express Version 7.6.0

I can’t install Connect App on Bitbucket when using the atlassian-connect-express version 7.6.0.
It does work with older versions, for example version 7.4.8.

With version 7.6.0 I get a 401 error on the /installed endpoint:


Installation verification error: 401 Unexpected or missing JWT token, failed to verify installation.
POST /installed 401 58.864 ms - 63

When I look at the relevant code in the connect-express module, it seems that the authentication mechanism got removed.
In version 7.4.8, there are two paths for the authentication.

// in verifyInstallation.js, authenticateInstall 
   if (
      addon.config.signedInstall() === "force" ||
      (signedInstallFromDescriptor && isJWTAsymmetric(addon, req))
    ) {
} else {
   ... // The 'old' code path is taken on installation.

In version 7.6.0, only the asymmetric code path exists:

// in verifyInstallation.js, authenticateInstall 
 if (isJWTAsymmetric(addon, req)) {

  } else {
       // The 'old' fallback path removed. But this is always taken.
        "Unexpected or missing JWT token, failed to verify installation."

I’m not sure what I’m missing. Is there a app descriptor entry I need to add to take the ‘modern’ path?
I think this related to the Atlassian Connect Lifecycle improvements: Action Required - Atlassian Connect installation lifecycle security improvements
I tried to add the apiMigrations.signed-install, but it is explicitly removed by the framework when running a Bitbucket app.

So, I’m not sure how to use the latest Connect Express version for a Bitbucket app.
I can’t get the older non-signed install requests accepted and I can’t enabled the signed install requests from Bitbucket?

Am I missing something obvious? Or is this an oversight and Atlassian Connect Express 7.6.0 isn’t compatible with Bitbucket.


Hi @RomanStoffel
Thanks for reporting this bug, I will have bitbucket app support restored shortly with a new minor release.
Thank you.

Update: v7.7.0 has been released now.