I am currently working on my first connect add-on. I use the dialog component to prompt for user input.
Now, I’m searching for the recommended approach to send this user inputs back to the Node.js server.
AP.request is there for making requests against the Confluence REST API.
To make requests against your own backend, you can use whatever you like. I assume you are using an express server. In that case add a new route to your express app. Find more information in the docs, and plenty of tutorials can be found online how to implement a REST API with express.
For the frontend, I recommend using the Fetch API to make requests against your backend.
Thanks for the clarification
I think implementing it with fetch and express will be the way to go for me - I am already familiar with this from other (non Altassian) projects.
One more questions came to my mind:
What would be best practice regarding authentication if I perform the query with fetch myself?
It really depends what you are trying to achieve. Confluence passes a
jwt query parameter to the iframes of your modules (more info about JWT). You can send this JWT along with the requests to your backend. The JWT expires after a while, if you want to make a request some time after the iframe has loaded, you can generate a new JWT using
On the server side, you can decode and verify the token. The ID of the logged in user is stored in the
sub property of the JWT. To decode and verify the token, Atlassian provides a library called atlassian-jwt-js. Personally, I often run into problems with Atlassian libraries and find them to be coded in a rather unusual way, so I rather use a generic JWT library like jsonwebtoken.
You have to verify the JWTs against the
sharedSecret that you received with the
installed lifecycle event for that particular Confluence instance (the
iss property of the JWT contains the
clientKey, which you can use to look up the particular instance in your database where you persist the lifecycle payload).
You should make sure that you really understand the way JWTs work before going live with such an authentication mechanism.
@candid Thank you for the detailed description!
I think this is a great starting point for my implementation, and now I have all the information I need.