Unable to decode Symmetric JWT token error after database dump restored on another server

Hello,

We are experiencing a strange behavior of the Jira Cloud app using Atlassian Connect.

What we did:

  1. installed an app using the private listing into our test Jira Cloud.
  2. created a database dump with tenant info of that test Jira.
  3. restored the dump in another database instance located on another server
  4. adjusted database connection string so that our Cloud Jira app used the new database.

Since nothing changed in the app descriptor our assumption was that the app would just work, but we received the following error when opening the app:

“Unable to decode Symmetric JWT token. Signature verification failed for input:…”

During one of our tests we noticed that sharedSecret in AddonSettings.val column changed after the app was restarted, but was not reinstalled in the test Jira.

After we reinstalled the app in test Jira sharedSecret also changed and the app started working normally.

This issue currently blocks us from migrating to a new infrastructure because in this case, customers will have to reinstall the app which is not how it should be.

Any suggestions are appreciated.

Thanks,
Vasiliy

1 Like

Hi Vasiliy,
I’d like to understand the steps you have taken. Please confirm my understanding:

installed an app using the private listing into our test Jira Cloud.

This is normal Connect app installation process

created a database dump with tenant info of that test Jira.
restored the dump in another database instance located on another server
adjusted database connection string so that our Cloud Jira app used the new database.

To be clear, this is a database dump of your app’s data and these steps do not involve any operation on the Jira side. Your service is still located at the same URL and is just connected to the new database.

Since Connect code on the Jira side has no idea about your database location this should indeed work as expected.

Is there any window where the service was online with the old database after the database dump was made? Is it possible that the app’s secret was updated between steps 2 and 3 so that the restored DB is missing a change?

I’d suggest you create a DEVHELP ticket with details on your Jira instance name and timing of your various operations. We can then look at our logs to see what is happening on our side.

Hi @cmacneill

Thank you for your feedback, I’ve created a DEVHELP ticket - Jira Service Management

The time between steps 2 and 3 took about 5 minutes so technically the secret could change. I’ve provided more details in the support ticket.

Regards,
Vasiliy