With the PHP code below:
class JsonController extends Zend_Controller_Action
{
// Base URL of the Atlassian OAuth 2 authorization server. It is sent as the JWT
// "aud" claim and is the host of the /oauth2/token endpoint called below.
// NOTE(review): these are mutable public properties, so any code holding the
// controller can change the audience or scopes at runtime; constants would be safer.
public $AUTHORIZATION_SERVER_URL = "https://auth.atlassian.io";
// Lifetime of the JWT assertion in seconds (kept short on purpose: the assertion
// is a bearer credential).
public $EXPIRY_SECONDS = 60;
// Grant type of the JWT bearer flow (RFC 7523), sent as the "grant_type" POST parameter.
public $GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer";
// Sent verbatim as the "scope" POST parameter.
public $SCOPES = "READ WRITE ACT_AS_USER"; // case-sensitive space-delimited as per the specification
# some code here
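$appKey = $config->appkey;

// The customer domain becomes a path segment of the file read below, so only a
// plain hostname is accepted before it touches the filesystem (no "/", "..", etc.).
$domain = (string) $customer['domain'];
if (!preg_match('/^[a-z0-9][a-z0-9.-]*$/i', $domain)) {
    throw new InvalidArgumentException('Customer domain is not a valid hostname');
}

// Per-customer install record written at add-on installation (assumed; the writer is
// not visible here). file_get_contents() returns false on failure, so check it instead
// of decoding an empty string and signing with an empty secret.
$installedFile = $applicationPath . '/../customers/' . $domain . '/installed.txt';
$file = file_get_contents($installedFile);
if ($file === false) {
    throw new RuntimeException('Cannot read installation record for ' . $domain);
}
$phpNative = Zend_Json::decode($file);
if (!is_array($phpNative) || !isset($phpNative['sharedSecret'], $phpNative['oauthClientId'])) {
    throw new RuntimeException('Installation record is missing sharedSecret or oauthClientId');
}
$secret = $phpNative['sharedSecret'];
$clientKey = $phpNative['oauthClientId'];

// Issued-at / expiry; the lifetime comes from the class property instead of a literal.
$iat = time();
$exp = $iat + $this->EXPIRY_SECONDS;

// NOTE(review): "sub" is built from the add-on key ($config->appkey). The server reply
// quoted under this code ("no valid active user exists") is consistent with the subject
// not naming a user; the user-impersonation documentation expects the account id of the
// user to act as in the "sub" claim — confirm which value belongs here.
$token = array(
    'iss' => 'urn:atlassian:connect:clientid:' . $clientKey,
    'sub' => 'urn:atlassian:connect:useraccountid:' . $appKey,
    'tnt' => 'https://' . $domain,
    'aud' => $this->AUTHORIZATION_SERVER_URL,
    'iat' => $iat,
    'exp' => $exp,
);

// The algorithm is passed explicitly; 'HS256' is the default in older firebase/php-jwt
// releases and mandatory in newer ones. JWT::encode() does not raise ExpiredException
// (that belongs to decode()), so the previous catch could never run and, had it, the
// code would have continued with $assertion undefined; failures now propagate.
$assertion = JWT::encode($token, $secret, 'HS256');

// Named $httpConfig so the application config in $config is not overwritten.
$httpConfig = array(
    'adapter' => 'Zend_Http_Client_Adapter_Curl',
    // NOTE(review): following redirects re-sends the assertion (a bearer credential)
    // to whatever location the server names; the token endpoint is not expected to
    // redirect, so this option can likely be dropped.
    'curloptions' => array(CURLOPT_FOLLOWLOCATION => true),
);
$uri = $this->AUTHORIZATION_SERVER_URL . '/oauth2/token';
$client = new Zend_Http_Client($uri, $httpConfig);
$client->setParameterPost(array(
    'scope' => $this->SCOPES,
    'assertion' => $assertion,
    'grant_type' => $this->GRANT_TYPE,
));
$client->setMethod(Zend_Http_Client::POST);
$response = $client->request();
$body = $response->getBody();

// A non-2xx reply carries the server's error JSON rather than a token; fail loudly
// instead of treating it as a token response.
if (!$response->isSuccessful()) {
    throw new RuntimeException('Token request failed with HTTP ' . $response->getStatus() . ': ' . $body);
}

// NOTE(review): on success $body contains the access token; echoing it sends the
// credential to the caller's browser and should not remain in production code.
echo $body;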
I successfully get the JSON response below:
{"access_token":"xxxx","token_type":"Bearer","expires_in":900}
But when I try to use the access token in further calls I get only this:
{"error": "Add-on 'fi.i4ware.plugin.timesheet.tfj' disallowed to impersonate the user because 'no valid active user exists'"}
I have tried to follow this documentation, but without full success:
https://developer.atlassian.com/cloud/jira/platform/user-impersonation-for-connect-apps/
What should I do?