Rejected incoming request for controller requiring JWT authentication (GET /viewmetrics)

prathyusha.gali · December 20, 2017, 5:24am

I am developing an Atlassian spring-boot connect addon. I get the following error “Rejected incoming request for controller requiring JWT authentication (GET /viewmetrics)” when trying to access /viewmetrics page. I have added authentication type JWT in my descriptor file and passed the “@AuthenticationPrincipal AtlassianHostUser hostUser” parameter to my controller method. Why am I facing this error? please help.

epehrson · December 20, 2017, 9:36am

@prathyusha.gali, how are you trying to access /viewmetrics?

JWT-authenticated endpoints in your add-on can only be accessed by an Atlassian product in which the add-on is installed. I assume your endpoint is meant to render content, so you should use it as the iframe URL of a UI module specified in your add-on descriptor, e.g. a Web Panel.

bmami · February 5, 2021, 11:33am

Hello @epehrson. I need your assistance in the the same issue. So, let’s assume, that I have atlassian-connect-spring-boot app with some endpoints to 3rd party-services inside it e.g. /users, /etc… And also I have react app inside my spring-boot-app, that makes call to that endpoints. But I’m getting [Rejected incoming request for controller requiring JWT authentication] and I’ve also have added authentication type JWT in my descriptor file and passed the “@AuthenticationPrincipal AtlassianHostUser hostUser” parameter to my controller method.

So as per your answer, I should put all my endpoints to atlassian-connect.json descriptor under WebPanel tag?

epehrson · February 5, 2021, 11:52am

Hi @bmami, welcome to the Developer Community! A small tip though, you will generally have better luck if you create a new thread instead of reusing a three-year-old one…

I’m not sure if I understand your question. Is your React app rendered as a Connect iframe? If so, you can use AP.context.getToken() for obtaining a JWT token to authenticate requests to other JWT-authenticated endpoints provided by your app.

bmami · February 5, 2021, 12:12pm

Excuse me for discussing it here, because I’ve got the same issue here and found this topic in google. So if I use AP.context.getToken()` I will be able to make controller calls from my service, right? In this case it will check with @AuthenticationPrincipal AtlassianHostUser hostUser and should give me success result. Because for now I have to use @IgnoreJwt to get success response