Hi all, I am using ACSB 2.2.3. About 2 weeks ago I started facing this error: .a.AbstractConnectAuthenticationProvider : JWT signature verification failed "jwt-value"
I use https://jwt.io; the JWT signature is:
HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
)
Header
{
  "typ": "JWT",
  "alg": "HS256"
}
When I ask the client to uninstall and reinstall the addon, all works fine. Any help, please?
Hi @HusseinFares,
Did this start around 8th March? We had an issue with the secret where we changed from a per-app secret to a per-install secret. However, ACSB stores the secret per install, and so shouldn't have had a problem.
You can see the discussion about the change here: Moving away from per-installation shared secrets for apps.
Regards,
James.
Hi @jrichards, yes, right, it started around the 8th of March. I always ask clients to reinstall the addon and the issue is resolved.
Hi @HusseinFares,
Then yes, I'd say the issue is related to the linked post. It's likely your app didn't handle the /install webhook when the new payload came for already installed apps, which contained the new secret.
Regards,
James.
Hi @jrichards, I am using ACSB:
@EventListener
public void processAddonInstalledEvent(AddonInstalledEvent event) {
    AtlassianHost host = event.getHost();
I am not handling installation by mapping the "/install" endpoint.
Do I need to handle the /install payload and update the Atlassian_Host database table with the new payload data?
Best Regards
Hi @HusseinFares,
Atlassian Connect Spring Boot handles the install and the database table for you. Usually it’s pretty resilient to the install endpoint. Not sure what happened here. I’ll have a look and check with the team.
James.
Hi @jrichards,
As the post mentions:
When this initial stage of the migration is complete, all shared secrets in your database will be the same – and then we'll follow up with details on the next phase of the migration.
I checked my addon database and I found that the shared secret is not the same for all clients.
I am using ACSB version 2.2.3.
Caused by: com.atlassian.connect.spring.internal.jwt.JwtSignatureMismatchException: JWT signature verification failed
Hi @HusseinFares,
As we've been discussing in your DEVHELP ticket, we think that your /install webhook didn't respond in time to the payload updates we sent around the 8th March.
Uninstall and re-installing the app will fix this issue for each customer.
Regards,
James.
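An added example, not part of the thread and not ACSB's own code: a minimal HS256 check showing why a token signed with an updated shared secret fails verification against the copy the app stored earlier, which is the mismatch discussed above. The secrets, claims and helper names (`sign_hs256`, `verify_hs256`) are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """base64url without padding, as used in JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, secret: str) -> str:
    """Build header.payload.signature following the jwt.io formula quoted above."""
    header = {"typ": "JWT", "alg": "HS256"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)


def verify_hs256(token: str, secret: str) -> bool:
    """True only if the token is HS256 and its signature matches `secret`."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        presented = b64url_decode(sig_b64)
    except ValueError:
        return False  # malformed token: wrong part count, bad base64 or bad JSON
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False  # reject any header that asks for a different algorithm
    expected = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, presented)  # constant-time comparison


# Constructed sample data: the secret the app still has in its database versus
# the secret the host signs with after an update the app did not persist.
STORED_SECRET = "old-secret-stored-at-install"
ROTATED_SECRET = "new-secret-sent-to-install-hook"
TOKEN = sign_hs256({"iss": "example-client-key", "iat": 1700000000}, ROTATED_SECRET)

if __name__ == "__main__":
    print("stored secret verifies: ", verify_hs256(TOKEN, STORED_SECRET))   # app's stale copy
    print("rotated secret verifies:", verify_hs256(TOKEN, ROTATED_SECRET))  # secret the host signs with
```

Running the same check with a real failing token and the secret stored for that host tells you whether the stored secret is stale or the token itself is malformed.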