Jira connect app : JWT auth for configure page

SylvainCaillet · July 20, 2023, 6:53am

Hi everyone,
Following this warning from Atlassian, I modified a Jira cloud plugin code to comply but there is still a pending question : what about the configure page ?

My atlassian-connect.json file contains

    "configurePage": {
      "url": "/plugin/adminPagePro",
      "key": "configure",
      "name": {
        "value": "My plugin Setup Page"
      }
    },

but when this page is called because an admin hit the “configure” button in the manage apps page, the server is only receiving jwt value as a query param, not an authorization header. I was expecting to get both until 31/08/2023 to help the transition, right ?

What did I miss ?

Thanks a lot for your help,
Best regards,
Sylvain

SeanBourke · July 20, 2023, 7:35am

Hi @SylvainCaillet,

The deprecation of JWT query strings only impacts the utilisation of JWT query strings as an authorisation method for any requests to Atlassian REST APIs. Whenever your app is making a call to an Atlassian REST API, it should utilise an authorisation header.

Where your site is loaded as part of an iFrame in a Connect module, a JWT query string will still be provided to support authentication.

Hope this helps.

Cheers,
Sean

SylvainCaillet · July 20, 2023, 7:48am

Hi Sean,

Thanks a lot for this clarification. Indeed, I missed this point and thought it was a more global change.

Best,
Sylvain