Good question. I’m working on a presentation about the 3 main JWT flows for AtlasCamp in Barcelona. I have some working Node.js code examples but they aren’t based on ACE and they don’t have tests yet. But, I think the experience has given me enough to comment on the test strategy. Which JWT flow are you using:
Accepting a web hook or UI module from Atlassian?
Sending a REST API request to Atlassian?
Making a REST API request to Atlassian on behalf of a user?
I’m protecting my resources by adding addon.authenticate() or addon.checkValidToken() to my add-on endpoints.
I was wondering about it that all examples based on ACE has no Test-projects.
It would be nice when you / Atllassian could provide some additional information about this topic.
Is there anybody else how can give me some support ?
For example, how to mock the installation-process to generate addon-setting entries used for jwt creation ?
However, I’m skeptical this testing approach is appropriate for ACE-based add-ons. The lifecycle callback are already handled by ACE and it already has tests. In the examples you provided, ACE also handles the decoration of outgoing requests with JWT, and the verification of incoming requests with JWT. It seems like you’re asking for a strategy to test something that is already tested.
Can you tell us more about what you want the tests to find?
Not sure how you’re testing, but there really isn’t any magic when it comes to Confluence/JIRA Cloud installations. If you’re trying to do integration testing, you can just trigger the installation hook yourself with your own secrets and then start generating the jwt tokens. As long as your qsh and such are correct in the JWT claim that you send down you can mimic what the Connect framework would do.
If you’re trying to do unit testing on the calls that are secured with a JWT token - you could in theory do something similar BUT I would suggest setting the environment var AC_OPTS with no-auth: Bitbucket
We have similar sort of requirements, we are trying to consume JIRA REST API.
We don’t know how to generate JWT, can you please share some ideas / approach in JAVA?
Also we have consumed Zephyr add-on for JIRA by generating JWT using access key/secret key but we ar not sure how to generate the JWT for JIRA REST API?
Hi @daniel - Do you have any example code of triggering the installation hook and generating a JWT token?
We’re writing integration tests using mocha, chai, and chai-http. Some of our protected routes end up firing requests back to Atlassian using the ACE addon.httpClient. It is my understanding that the httpClient only works on routes that are protected using addon.authenticate(). Without generating the token, I’m not sure how to handle that.
We don’t have a custom install route and are making use of the default setup in ACE. As part of the initial test we’re posting some JSON containing: key, clientKey, sharedSecret, etc. This is hitting, but I think we’re missing a step somewhere. When making the next request we’re getting the error: “Authentication verification error (401): Could not find stored client data for [key included in JSON file]. Is this client registered?”