Shared secret changes on each reinstall - should it be that way?

Hi,

It was my understanding that a tenant’s shared secret stays the same if an add-on is reinstalled after an uninstall. (See https://developer.atlassian.com/static/connect/docs/latest/concepts/authentication.html, the “Signing of the Lifecycle Callbacks” clause.)

However, when testing on my JIRA Cloud instance I see that the shared secret changes each time I uninstall and then reinstall an add-on (in the call to the installed lifecycle callback).

Could someone please explain:

  1. Is the shared secret supposed to change each time after uninstall/reinstall of an add-on?
  2. If yes, how can I securely authenticate a tenant to link them to their previous data after reinstallation?

Thanks!

  1. Yes, this is correct.
  2. You authenticate the subsequent installed call with the previous shared secret like any other request, and then go on to update the shared secret in the database.
1 Like
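
The flow described in the answer above, as an added example that is not part of the original thread: a reinstall for a known `clientKey` is accepted only if its JWT verifies under the stored secret, and only then is the secret rotated. It assumes the Connect convention of an HS256 token in an `Authorization: JWT <token>` header with `iss` set to the `clientKey`; the `TENANTS` dict and function names are hypothetical, and the `qsh` claim check is omitted.

```python
import base64, hashlib, hmac, json, time

TENANTS = {}  # clientKey -> sharedSecret (hypothetical stand-in for the add-on's database)

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, secret):
    """Build an HS256 JWT; used here only to construct sample requests."""
    head = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url_encode(mac)}"

def verify_hs256(token, secret, now=None):
    """Return the claims if signature and expiry check out, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64url_decode(head)).get("alg") != "HS256":
            return None  # never let the token choose the algorithm
        expected = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(body))
        if claims["exp"] < (now or time.time()):
            return None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    return claims

def handle_installed(payload, authorization):
    """Return an HTTP status for an 'installed' lifecycle callback."""
    client_key, new_secret = payload.get("clientKey"), payload.get("sharedSecret")
    if not client_key or not new_secret:
        return 400
    old_secret = TENANTS.get(client_key)
    if old_secret is not None:  # reinstall: caller must prove knowledge of the old secret
        scheme, _, token = (authorization or "").partition(" ")
        claims = verify_hs256(token, old_secret) if scheme == "JWT" else None
        if claims is None or claims.get("iss") != client_key:
            return 401  # stored secret and tenant data stay untouched
    TENANTS[client_key] = new_secret  # rotate only after authentication
    return 204
```

An unsigned `installed` call is accepted only for a `clientKey` that has never been seen, so the tenant record must be kept on uninstall for the reinstall check to work.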

Please note (based on our experience) that once every 100-1000 “installed” events you will manage to process the webhooks but the response may not come back to JIRA, and then such a JIRA is stuck until manually fixed.