Recommended approach to send user inputs to the server?

Cust0mFirmware · February 5, 2021, 4:39pm

Hi guys,

I am currently working on my first connect add-on. I use the dialog component to prompt for user input.
Now, I’m searching for the recommended approach to send this user inputs back to the Node.js server.

Would that be to use the request JavaScript module (https://developer.atlassian.com/cloud/confluence/jsapi/request/) and make a GET/POST request to an addon-specific URL? Are there any instructions on how to build up the whole URL in order to send a request to a route defined in my Node.js application?

Best regards

candid · February 10, 2021, 8:00pm

AP.request is there for making requests against the Confluence REST API.

To make requests against your own backend, you can use whatever you like. I assume you are using an express server. In that case add a new route to your express app. Find more information in the docs, and plenty of tutorials can be found online how to implement a REST API with express.

For the frontend, I recommend using the Fetch API to make requests against your backend.

Cust0mFirmware · February 15, 2021, 3:37pm

Hi @candid

Thanks for the clarification
I think implementing it with fetch and express will be the way to go for me - I am already familiar with this from other (non Altassian) projects.

One more questions came to my mind:
What would be best practice regarding authentication if I perform the query with fetch myself?

Beste regards

candid · February 16, 2021, 12:37am

It really depends what you are trying to achieve. Confluence passes a jwt query parameter to the iframes of your modules (more info about JWT). You can send this JWT along with the requests to your backend. The JWT expires after a while, if you want to make a request some time after the iframe has loaded, you can generate a new JWT using AP.context.getToken().

On the server side, you can decode and verify the token. The ID of the logged in user is stored in the sub property of the JWT. To decode and verify the token, Atlassian provides a library called atlassian-jwt-js. Personally, I often run into problems with Atlassian libraries and find them to be coded in a rather unusual way, so I rather use a generic JWT library like jsonwebtoken.

You have to verify the JWTs against the sharedSecret that you received with the installed lifecycle event for that particular Confluence instance (the iss property of the JWT contains the clientKey, which you can use to look up the particular instance in your database where you persist the lifecycle payload).

You should make sure that you really understand the way JWTs work before going live with such an authentication mechanism.

Cust0mFirmware · February 16, 2021, 4:17pm

@candid Thank you for the detailed description!

I think this is a great starting point for my implementation, and now I have all the information I need.

Best regards