Problem publishing a private app made with thymeleaf template?

To give you some context. I have used the spring boot thymeleaf template available on the bitbucket repository for developing apps using java. I have used it to create a custom app, this will always be a private app not intended to be used publicly. The app works in my sandbox instance of JIRA when I use the ngrok tunneling software.

However, the problem arises when I try to publish the app as a private app using my vendor account.
Firstly when I try to publish the app using an installation URL, which in this case is the ngrok randomly generated the address. It says that the “App key must be unique” in my atlassian-connect.json file referring to the default value of “key”: “atlassian-connect-spring-boot-sample-thymeleaf”. When I change this key to make it unique it causes 2 more problems.

  1. The app itself stops working when I “upload app” onto my sandbox instances, and I get this prompt on JIRA; “The app host returned HTTP response code 401 when we tried to contact it during installation. Please try again later or contact the app vendor.”, but despite it not working it can be published in the private market place.

  2. When I do publish it even though it’s not working, I use the token generated from a privately published app to install the app on to my sandbox it causes the same error.

I was wondering if there is any way to solve this issue such that I can change the value of the “key” and it works when I upload it from my machine and it can be published and works when installed using a token? Help would be really appreciated. Thanks

1 Like

Your app server has a record of the install for the given client key (installed with the old app key). As you’ve changed your key, the Jira side now considers this to be a different app. When your app receives the new install payload, it sees that there is an existing install (it sees the same client key) and expects the new request to be signed with the established secret. As the Jira side believes this to be an new install the initial install payload is not signed. Your app rejects the install with a 401.

When you change your app key, you should clean out any existing installs in your app database, making sure you do not need any of the data which is stored in your app for those installs.

1 Like

Thank you for your reply. I managed to make it work yesterday, by doing the following 2 things. Firstly by changing the key in the atlassian-connect.json file to be new and unique, however, this alone does not solve the issue, and still, returns 401. The second part is to go into the application.yml file and change the default value of “spring.datasource.url: jdbc:hsqldb:file:addon-db” to anything else by appending anything after the default value i.e “spring.datasource.url: jdbc:hsqldb:file:addon-db1”. By doing these two things I managed to somehow make it work such that it’s publishable as a private app and can be installed into a sandbox instance with installation url. I still don’t understand what “signed with the established secret” means. Thank you.