Verifying user identity in an external application using JWTs

Hi there,

I have been trying to make an app on the backend communicate with Forge. This works, but since it handles sensitive information, I would also like to verify on the backend that the person making a request to the backend is also really a user of my Jira app. After a bit of research, it seems to me that using atlassian-connect is the best way to do so - where on the frontend it will send a JSON Web Token (JWT) along with the request, which will be verified on the backend. I have already installed the app in Jira and in the backend it now verifies (and rejects) every request sent. Ideally I would also like to be able to see if the user has the right permissions to do this action, but that’s of secondary concern.

My question is then, how do I generate this JWT to be sent along with the request?

Thank you in advance!