JWT::ExpiredSignature (Signature has expired) upon loading add-on

Hi Guys,

I was scanning my server logs and saw that I get, from time to time, a JWT::ExpiredSignature exception. This happens when the user loads the issue and that my add-on web panel is loaded. I’m wondering a few things:

  • Why is the token expired if the user loads the issue?
  • Assuming that the user tries to reload a page, will JIRA also find out that the token is expired and push for the user to login again? Thus never actually showing my add-on?
  • Typically, how long is the token valid?

Thanks for any input!


we had similar problems in the past. Take a look at the following issues: ACJIRA-294, ACJIRA-724. We fixed them back then and now JWT tokens should be refreshed when needed. However, it might be the case that the issue still persist for some combinations of UI elements’ locations and types.

A way to reproduce this would be extremely helpful here. Are you able to provide any more details? Which web-panel location does you add-on use (ideally, could you provide the exact web-panel definition in your app descriptor)? What is the sequence of actions to result in an expired token?

Thanks Krzysztof,

ACJIRA-724 points to ACJIRA-294 but the it is private so I cannot see it :frowning:

I didn’t figure out any patterns to this. I see them coming in my production server logs. I will send you a PM with some of the information that you ask.