(cross posting from here, because I think this is actually the correct place for the question)
Problem
I am seeing a JWT format error when re-installing a Bitbucket connect app:
{} Authentication verification error (401): Invalid JWT: Unexpected token m in JSON at position 0
To reproduce:
- Create, run and install the sample Bitbucket connect app according to the “getting started” guide at Getting started
- Re-install the app by re-visiting the installation link from step 9 of the “getting started” guide.
Expected:
The application is re-installed without error.
Actual:
The call to /installed results in a 401 error being thrown:
{} Authentication verification error (401): Invalid JWT: Unexpected token m in JSON at position 0
POST /installed 401 33234.738 ms - 53
Notes:
Looking at the incoming request, I can see the Authorisation header looks like this:
Authorization: JWT b'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJhcmk6Y2xvdWQ6Yml0YnVja2V0OjphcHAve2I2YzRiNzcwLWZjMDgtNDcxMS05NTdkLTU2MGExMzU4YjM4ZH0vZXhhbXBsZS1hcHAtMTIzNDU2IiwiZXhwIjoxNjU3MzAwMDg0LCJpYXQiOjE2NTcyOTY0ODQsInFzaCI6IjRhMmUxZGU4Y2E3NGU2Y2FmZTg4NjJkMzMyZmEzYWM3YThlNTFlNjkyYmM2ZDc5OGVhNGRmZWRjMTQ5NDhiZjQiLCJhdWQiOiJhcmk6Y2xvdWQ6Yml0YnVja2V0OjphcHAve2I2YzRiNzcwLWZjMDgtNDcxMS05NTdkLTU2MGExMzU4YjM4ZH0vZXhhbXBsZS1hcHAtMTIzNDU2In0.PLgvhYcfdObBX6eEbxHzJxoajeNcjCaJBuGGdwtlzjQ'
Notice that the JWT starts with b' and also ends with a single quote. This is causing an error in the atlassian-jwt/dist/lib/jwt.js module when decoding the JWT.
If you remove the leading b' and trailing quote, then the JWT format looks correct.
Something on the Atlassian/Bitbucket side seems to be generating wrapped/invalid JWTs when making that /installed API call.
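An added example (not part of the original post, and not atlassian-jwt's own code) that checks an `Authorization: JWT ...` value before it reaches a JWT library and shows where the `m` in "Unexpected token m in JSON at position 0" comes from: with the leading `b` in front, the header segment's first four base64 characters decode to a byte sequence starting with `m` instead of `{`. The function names and the sample token are constructed, and it assumes a decoder that skips characters outside the base64 alphabet.

```javascript
// Added example: inspect a Connect-style "Authorization: JWT <token>" header
// before it reaches a JWT library. Names and sample values are constructed.
const SEGMENT = /^[A-Za-z0-9_-]+$/;       // base64url alphabet, no padding
const BYTES_REPR = /^b(['"])(.*)\1$/;     // Python bytes repr: b'...' or b"..."

// base64url-encode a JSON object (used only to build the sample token).
function b64urlJson(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
}

// First character a lenient decoder would hand to JSON.parse for the header
// segment. Assumption: the decoder skips characters outside the alphabet.
function firstHeaderChar(token) {
  const cleaned = token.split('.')[0].replace(/[^A-Za-z0-9_-]/g, '');
  if (cleaned.length < 4) return null;
  return String.fromCharCode(Buffer.from(cleaned.slice(0, 4), 'base64')[0]);
}

// Classify the header value; signature verification is still the library's job.
function inspectAuthHeader(value) {
  const m = /^JWT\s+(\S+)$/.exec(String(value).trim());
  if (!m) return { ok: false, reason: 'missing-jwt-scheme' };
  const raw = m[1];
  const parts = raw.split('.');
  const ok = parts.length === 3 && parts.every((p) => SEGMENT.test(p));
  const wrapped = BYTES_REPR.exec(raw);
  return {
    ok,
    reason: ok ? null : wrapped ? 'bytes-repr-wrapper' : 'malformed-segments',
    firstHeaderChar: firstHeaderChar(raw),
    inner: wrapped ? wrapped[2] : null,   // for logging/diagnosis only
  };
}

// Constructed sample token; the signature segment is a dummy value.
const sample = [b64urlJson({ typ: 'JWT', alg: 'HS256' }),
  b64urlJson({ iss: 'example-app' }), 'c2ln'].join('.');

console.log(inspectAuthHeader(`JWT ${sample}`));     // well-formed
console.log(inspectAuthHeader(`JWT b'${sample}'`));  // wrapped, as in the post
```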