Removing authentication code from server side

Hi,

We want to know what are the effects of removing our “addon.authenticate()” code (from our node.js server side router section)? (This also means we will remove the authentication database settings from config.json)

We are focusing on faster app load time and we would lose this “authentication” logic from our server side if possible.

Our addon is simple enough that we don’t need any tokens, etc. on the server side, so we are fine with “not authenticating”.

But, we want to understand what the effects of this are? Will we end up allowing users to continue to use our AddOn some how long after Eval expiry? Or any thing else we might be missing?

Thanks for your feedback/suggestions.

Hi @praveen,

addon.authenticate() will verify a JWT token that gets sent to the route, and if it’s a valid token, will extract the details in the token for you (such as userId).

You can remove this for a route if you don’t care about unauthenticated requests or the JWT, but you won’t have any details in that route’s context such as the logged-in user’s ID or the instance’s baseUrl.

Thanks for the update!

What about our concerns on allowing users to continue to use the AddOn without a valid license?

Hi @praveen,

You can hide the access point to your app’s pages for unlicensed users by using the “addon_is_licensed” condition in your descriptor. See: https://developer.atlassian.com/cloud/jira/platform/modules/page/