An error with JWT, where I'm wrong?

[Vitaliy]

Hi,

I want to make an API call using the Atlassian Connect ('/rest/api/2/project') and I have a problem with authorization (verifying/making a JWT token).

My instruction: https://developer.atlassian.com/static/connect/docs/concepts/authentication.html.

My atlassian-connect.json:

{

    "name": "People Addon",

    "description": "Atlassian Connect add-on",

    "key": "x_people_addon",

    "baseUrl": "http://localhost:8000",

    "vendor": {

        "name": "My Organization, Inc",

        "url": "https://developer.atlassian.com"

    },

    "version": "1.0",

    "authentication": {

        "type": "jwt"

    },

    "lifecycle": {

        "installed": "/addon/hooks/installed/",

        "disabled": "/addon/hooks/disabled/",

        "enabled": "/addon/hooks/enabled/",

        "uninstalled": "/addon/hooks/uninstalled/"

    },

    "modules": {

        "generalPages": [

            {

                "url": "/addon/",

                "name": {

                    "value": "Click Me"

                }

            }

        ]

    }

}

My code:

import urllib

import jwt

import hashlib

import datetime

import calendar

import requests

import urlparse

#from addon.models import JWT - COMMENTED FOR TESTS

class JWTModelForTest(object):

    # DIGITS FROM MY DB

    client_key = 'jira:7a3b4c77-cfc3-4071-aae5-a887d197dc9d'

    base_url = 'http://localhost:2990/jira'

    shared_secret = '55538c16-1dd5-47d5-9b92-efe77fc2b5dd'

def calc_qsh(method, url):

    print u'\n\n-- Call: calc_qsh(%s, %s)' % (method, url)

    parsed_query = urlparse.parse_qs(urlparse.urlparse(url).query)

    params = parsed_query.items()

    params.sort()

    print u'-- Sorted params: %s' % params

    canonical_request = u''

    for p in params:

        if p[0] not in [u'jwt', ]:

            param_values = p[1]

            _res = []

            for pv in param_values:

                _res.append(urllib.quote_plus(pv).replace(u'+', u'%20').replace(u'%7E', u'~'))

            _res.sort()

            canonical_request += u'&%s=%s' % (p[0], ','.join(_res))

    if not params:

        canonical_request = u'&'

    print u'-- Canonical request (sorted): %s' % canonical_request

    qsh = u'&%(method)s&%(path)s%(query)s' % {'method': method.upper(),

                                              'path': urlparse.urlparse(url).path,

                                              'query': canonical_request}

    print u'-- QSH (without sha256): %s' % qsh

    return hashlib.sha256(qsh).hexdigest()

def send_jira_request(incoming_jwt, url, method, data={}):

    # find the client_key in the database by 'iss' from atlassian JWT

    jwt_decoded = jwt.decode(incoming_jwt, verify=False)

    print u'-- JWT from request: %s' % jwt_decoded

    #jwt_model = JWT.objects.get(client_key=jwt_decoded['iss'])

    jwt_model = JWTModelForTest()

    # url for request

    full_url = jwt_model.base_url + url

    print u'-- Full Url: %s' % full_url

    # verify QSH from Atlassian

    print u'-- Verify QSH from JWT token'

    calculated_qsh = calc_qsh('GET', '/addon/?lic=none&tz=Europe%2FMoscow&cp=%2Fjira&user_key=admin&loc=en-US&user_id=admin&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEzODk3OTk4NDgsInN1YiI6ImFkbWluIiwiaXNzIjoiamlyYTo3YTNiNGM3Ny1jZmMzLTQwNzEtYWFlNS1hODg3ZDE5N2RjOWQiLCJxc2giOiIzYTZmZjFiNjZmNjBlYjI3NWQwZTRjYjZiZTQyNjFkNWQzYjAyMTZiOTFjNThkYzY1MjQ1MDkyMjdlZjM0NmRlIiwiaWF0IjoxMzg5Nzk5NjY4fQ.2rjL0v-1BnZ7m462ngRZPsKY_LosFmJZV45Ln35mC2w&xdm_e=http%3A%2F%2Flocalhost%3A2990&xdm_c=channel-servlet-click-me&xdm_p=1')

    print u'-- QSH from JWT and calculated: %s, %s' % (jwt_decoded['qsh'], calculated_qsh)

    if jwt_decoded['qsh'] != calculated_qsh:

        print u'!!-- ERROR, %s != %s' % (jwt_decoded['qsh'], calculated_qsh)

    # calc atlassian "qsh"

    qsh = calc_qsh(method, full_url)

    print u'-- QSH (sha256): %s' % qsh

    # make a payload for JWT

    iat = datetime.datetime.utcnow()

    exp = iat + datetime.timedelta(minutes=3)

    jwt_payload = {

        'iss': jwt_model.client_key,

        'iat': calendar.timegm(iat.utctimetuple()),

        'exp': calendar.timegm(exp.utctimetuple()),

        'qsh': qsh,

        'sub': jwt_decoded['sub']

    }

    print u'-- Making Payload: %s' % jwt_payload

    # make a JWT with this payload

    new_jwt = jwt.encode(jwt_payload, jwt_model.shared_secret)

    print u'-- New JWT: %s' % new_jwt

    # make request to Jira

    headers = {'Authorization': u'JWT %s' % new_jwt, 'Content-Type': 'application/json'}

    if method == 'GET':

        r = requests.get(full_url, params={'jwt': new_jwt}, headers=headers)

    elif method in ['POST', 'PUT']:

        r = requests.post(full_url, params={'jwt': new_jwt}, headers=headers, data=data)

    else:

        raise Exception('Unimplemented')

    print u'-- Url from query: %s' % r.url

    print u'-- Status code: %s' % r.status_code

    try:

        return r.json()

    except Exception as e:

        return {}

print 'TRY TO SEND REQUEST'

print '-------------------'

print '\n'

send_jira_request(request.GET.get('jwt'), '/rest/api/2/project', 'GET', {})

Output:

TRY TO SEND REQUEST

-------------------

-- JWT from request: {u'iss': u'jira:7a3b4c77-cfc3-4071-aae5-a887d197dc9d', u'iat': 1389800990, u'qsh': u'3a6ff1b66f60eb275d0e4cb6be4261d5d3b0216b91c58dc6524509227ef346de', u'sub': u'admin', u'exp': 1389801170}

-- Full Url: http://localhost:2990/jira/rest/api/2/project

-- Verify QSH from JWT token

-- Call: calc_qsh(GET, /addon/?lic=none&tz=Europe%2FMoscow&cp=%2Fjira&user_key=admin&loc=en-US&user_id=admin&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEzODk3OTk4NDgsInN1YiI6ImFkbWluIiwiaXNzIjoiamlyYTo3YTNiNGM3Ny1jZmMzLTQwNzEtYWFlNS1hODg3ZDE5N2RjOWQiLCJxc2giOiIzYTZmZjFiNjZmNjBlYjI3NWQwZTRjYjZiZTQyNjFkNWQzYjAyMTZiOTFjNThkYzY1MjQ1MDkyMjdlZjM0NmRlIiwiaWF0IjoxMzg5Nzk5NjY4fQ.2rjL0v-1BnZ7m462ngRZPsKY_LosFmJZV45Ln35mC2w&xdm_e=http%3A%2F%2Flocalhost%3A2990&xdm_c=channel-servlet-click-me&xdm_p=1)

-- Sorted params: [('cp', ['/jira']), ('jwt', ['eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEzODk3OTk4NDgsInN1YiI6ImFkbWluIiwiaXNzIjoiamlyYTo3YTNiNGM3Ny1jZmMzLTQwNzEtYWFlNS1hODg3ZDE5N2RjOWQiLCJxc2giOiIzYTZmZjFiNjZmNjBlYjI3NWQwZTRjYjZiZTQyNjFkNWQzYjAyMTZiOTFjNThkYzY1MjQ1MDkyMjdlZjM0NmRlIiwiaWF0IjoxMzg5Nzk5NjY4fQ.2rjL0v-1BnZ7m462ngRZPsKY_LosFmJZV45Ln35mC2w']), ('lic', ['none']), ('loc', ['en-US']), ('tz', ['Europe/Moscow']), ('user_id', ['admin']), ('user_key', ['admin']), ('xdm_c', ['channel-servlet-click-me']), ('xdm_e', ['http://localhost:2990']), ('xdm_p', ['1'])]

-- Canonical request (sorted): &cp=%2Fjira&lic=none&loc=en-US&tz=Europe%2FMoscow&user_id=admin&user_key=admin&xdm_c=channel-servlet-click-me&xdm_e=http%3A%2F%2Flocalhost%3A2990&xdm_p=1

-- QSH (without sha256): &GET&/addon/&cp=%2Fjira&lic=none&loc=en-US&tz=Europe%2FMoscow&user_id=admin&user_key=admin&xdm_c=channel-servlet-click-me&xdm_e=http%3A%2F%2Flocalhost%3A2990&xdm_p=1

-- QSH from JWT and calculated: 3a6ff1b66f60eb275d0e4cb6be4261d5d3b0216b91c58dc6524509227ef346de, 057016bf50c21ab81f6e32310b96dda89743b3ed74bb1518eefe3b4847ef53eb

!!-- ERROR, 3a6ff1b66f60eb275d0e4cb6be4261d5d3b0216b91c58dc6524509227ef346de != 057016bf50c21ab81f6e32310b96dda89743b3ed74bb1518eefe3b4847ef53eb

-- Call: calc_qsh(GET, http://localhost:2990/jira/rest/api/2/project)

-- Sorted params: []

-- Canonical request (sorted): &

-- QSH (without sha256): &GET&/jira/rest/api/2/project&

-- QSH (sha256): 8e3bda9a9e2288b7fdfb5b279fcfcea7543813669d246f8af2310659dfd045ab

-- Making Payload: {'iss': 'jira:7a3b4c77-cfc3-4071-aae5-a887d197dc9d', 'iat': 1389800991, 'qsh': '8e3bda9a9e2288b7fdfb5b279fcfcea7543813669d246f8af2310659dfd045ab', 'sub': u'admin', 'exp': 1389801171}

-- New JWT: eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpc3MiOiAiamlyYTo3YTNiNGM3Ny1jZmMzLTQwNzEtYWFlNS1hODg3ZDE5N2RjOWQiLCAiaWF0IjogMTM4OTgwMDk5MSwgInFzaCI6ICI4ZTNiZGE5YTllMjI4OGI3ZmRmYjViMjc5ZmNmY2VhNzU0MzgxMzY2OWQyNDZmOGFmMjMxMDY1OWRmZDA0NWFiIiwgInN1YiI6ICJhZG1pbiIsICJleHAiOiAxMzg5ODAxMTcxfQ.Yblw0A5UCwZkZSLVsJzIwcoCYIfwadXegEQMJY0vLAA

-- Url from query: http://localhost:2990/jira/rest/api/2/project?jwt=eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpc3MiOiAiamlyYTo3YTNiNGM3Ny1jZmMzLTQwNzEtYWFlNS1hODg3ZDE5N2RjOWQiLCAiaWF0IjogMTM4OTgwMDk5MSwgInFzaCI6ICI4ZTNiZGE5YTllMjI4OGI3ZmRmYjViMjc5ZmNmY2VhNzU0MzgxMzY2OWQyNDZmOGFmMjMxMDY1OWRmZDA0NWFiIiwgInN1YiI6ICJhZG1pbiIsICJleHAiOiAxMzg5ODAxMTcxfQ.Yblw0A5UCwZkZSLVsJzIwcoCYIfwadXegEQMJY0vLAA

-- Status code: 401

{}

Where I'm wrong?

Thanks.

[Peter Brownlow]

Hi Vitaliy,

There are two details that you need to correct.

• As you can see in the example in point #5 at <https://developer.atlassian.com/static/connect/docs/concepts/authentication.html#qsh> your canonical request should start with "GET" rather than "&GET".
• As described in point #3 and as shown in the example in point #5 the canonical path should NOT end with a "/" character (i.e. "/addon/&cp" should be "/addon&cp").

With these corrections I have calculated the same qsh value as you received.

Hopefully these corrections also allow you to successfully compute the outgoing qsh claims. If not then reading the JIRA logs may be useful as they will tell you the qsh value that JIRA is calculating.

-Peter

[Seb Ruiz]

Hi Vitaliy,

In addition to Peter's response, please upgrade to Atlassian Connect 1.0-m27 as this fixes an issue with JIRA/Confluence accepting valid incoming JWT claims.

Cheers!

Seb

--
You received this message because you are subscribed to the Google Groups "Atlassian Connect Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to atlassian-connec...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--

Seb Ruiz

Atlassian

[Vitaliy]

I fixed the error with query string hash and I still get an error with authorization (error 401). Look at my headers please... It's correct? Thanks!

TRY TO SEND REQUEST

-------------------

-- JWT from the request header: {u'iss': u'jira:7a3b4c77-cfc3-4071-aae5-a887d197dc9d', u'iat': 1389874386, u'qsh': u'3a6ff1b66f60eb275d0e4cb6be4261d5d3b0216b91c58dc6524509227ef346de', u'sub': u'admin', u'exp': 1389874566}

-- Full Url: http://localhost:2990/jira/rest/api/2/project

-- Verify QSH from JWT token

-- Call: create_canonical_request(GET, /addon/?lic=none&tz=Europe%2FMoscow&cp=%2Fjira&user_key=admin&loc=en-US&user_id=admin&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEzODk4NzQ1NjYsInN1YiI6ImFkbWluIiwiaXNzIjoiamlyYTo3YTNiNGM3Ny1jZmMzLTQwNzEtYWFlNS1hODg3ZDE5N2RjOWQiLCJxc2giOiIzYTZmZjFiNjZmNjBlYjI3NWQwZTRjYjZiZTQyNjFkNWQzYjAyMTZiOTFjNThkYzY1MjQ1MDkyMjdlZjM0NmRlIiwiaWF0IjoxMzg5ODc0Mzg2fQ.WFg8X0Ngxc4bmto0PbJ5JKhbn8fAbJMvmRo35V3cL6o&xdm_e=http%3A%2F%2Flocalhost%3A2990&xdm_c=channel-servlet-click-me&xdm_p=1)

-- Canonical request (sorted): GET&/addon&cp=%2Fjira&lic=none&loc=en-US&tz=Europe%2FMoscow&user_id=admin&user_key=admin&xdm_c=channel-servlet-click-me&xdm_e=http%3A%2F%2Flocalhost%3A2990&xdm_p=1

-- QSH from JWT and calculated: 3a6ff1b66f60eb275d0e4cb6be4261d5d3b0216b91c58dc6524509227ef346de and 3a6ff1b66f60eb275d0e4cb6be4261d5d3b0216b91c58dc6524509227ef346de

-- SUCCESS, THEY ARE IDENTICAL!

-- Call: create_canonical_request(GET, http://localhost:2990/jira/rest/api/2/project)

-- Canonical request (sorted): GET&/jira/rest/api/2/project&

-- QSH (sha256): 670cbb0f3fe2ca0e96e96177ff96bb7f89aab9c46a2319bcea02feee0a0d8ea6

-- Making Payload: {'iss': u'jira:7a3b4c77-cfc3-4071-aae5-a887d197dc9d', 'iat': 1389874387, 'qsh': '670cbb0f3fe2ca0e96e96177ff96bb7f89aab9c46a2319bcea02feee0a0d8ea6', 'sub': u'admin', 'exp': 1389874987}

-- New JWT: eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpc3MiOiAiamlyYTo3YTNiNGM3Ny1jZmMzLTQwNzEtYWFlNS1hODg3ZDE5N2RjOWQiLCAiaWF0IjogMTM4OTg3NDM4NywgInFzaCI6ICI2NzBjYmIwZjNmZTJjYTBlOTZlOTYxNzdmZjk2YmI3Zjg5YWFiOWM0NmEyMzE5YmNlYTAyZmVlZTBhMGQ4ZWE2IiwgInN1YiI6ICJhZG1pbiIsICJleHAiOiAxMzg5ODc0OTg3fQ.xxelO9HawDNAwHI7lBd2pUcJ2f4P8KI90mnW9h8zFtg

-- Try to send request

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

send: 'GET /jira/rest/api/2/project?jwt=eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpc3MiOiAiamlyYTo3YTNiNGM3Ny1jZmMzLTQwNzEtYWFlNS1hODg3ZDE5N2RjOWQiLCAiaWF0IjogMTM4OTg3NDM4NywgInFzaCI6ICI2NzBjYmIwZjNmZTJjYTBlOTZlOTYxNzdmZjk2YmI3Zjg5YWFiOWM0NmEyMzE5YmNlYTAyZmVlZTBhMGQ4ZWE2IiwgInN1YiI6ICJhZG1pbiIsICJleHAiOiAxMzg5ODc0OTg3fQ.xxelO9HawDNAwHI7lBd2pUcJ2f4P8KI90mnW9h8zFtg HTTP/1.1\r\nHost: localhost:2990\r\nAccept: */*\r\nContent-Type: application/json;charset=UTF-8\r\nAccept-Encoding: gzip, deflate, compress\r\nAuthorization: JWT eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpc3MiOiAiamlyYTo3YTNiNGM3Ny1jZmMzLTQwNzEtYWFlNS1hODg3ZDE5N2RjOWQiLCAiaWF0IjogMTM4OTg3NDM4NywgInFzaCI6ICI2NzBjYmIwZjNmZTJjYTBlOTZlOTYxNzdmZjk2YmI3Zjg5YWFiOWM0NmEyMzE5YmNlYTAyZmVlZTBhMGQ4ZWE2IiwgInN1YiI6ICJhZG1pbiIsICJleHAiOiAxMzg5ODc0OTg3fQ.xxelO9HawDNAwHI7lBd2pUcJ2f4P8KI90mnW9h8zFtg\r\nUser-Agent: python-requests/2.2.0 CPython/2.7.6 Darwin/13.0.0\r\n\r\n'

reply: 'HTTP/1.1 401 Unauthorized\r\n'

header: Server: Apache-Coyote/1.1

header: X-Content-Type-Options: nosniff

header: Set-Cookie: JSESSIONID=E48EAE5281BE553BF18FCC8B256C81AD; Path=/jira/; HttpOnly

header: Content-Type: text/html;charset=ISO-8859-1

header: Transfer-Encoding: chunked

header: Date: Thu, 16 Jan 2014 12:13:07 GMT

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

None

this is a request from Jira

[16/Jan/2014 12:13:07] "GET /addon/?lic=none&tz=Europe%2FMoscow&cp=%2Fjira&user_key=admin&loc=en-US&user_id=admin&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEzODk4NzQ1NjYsInN1YiI6ImFkbWluIiwiaXNzIjoiamlyYTo3YTNiNGM3Ny1jZmMzLTQwNzEtYWFlNS1hODg3ZDE5N2RjOWQiLCJxc2giOiIzYTZmZjFiNjZmNjBlYjI3NWQwZTRjYjZiZTQyNjFkNWQzYjAyMTZiOTFjNThkYzY1MjQ1MDkyMjdlZjM0NmRlIiwiaWF0IjoxMzg5ODc0Mzg2fQ.WFg8X0Ngxc4bmto0PbJ5JKhbn8fAbJMvmRo35V3cL6o&xdm_e=http%3A%2F%2Flocalhost%3A2990&xdm_c=channel-servlet-click-me&xdm_p=1 HTTP/1.1" 200 2803

Vitaliy

четверг, 16 января 2014 г., 4:56:30 UTC+4 пользователь Seb Ruiz написал:

To unsubscribe from this group and stop receiving emails from it, send an email to atlassian-connect-dev+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--

Seb Ruiz

Atlassian

[Vitaliy]

I got an error in the JIRA logs:

com.atlassian.jwt.exception.JwtUnknownIssuerException: jira:jira:7a3b4c77-cfc3-4071-aae5-a887d197dc9d
    at com.atlassian.jwt.core.reader.NimbusJwtReaderFactory.validateIssuer(NimbusJwtReaderFactory.java:55)
    at com.atlassian.jwt.core.reader.NimbusJwtReaderFactory.getReader(NimbusJwtReaderFactory.java:34)
    at com.atlassian.jwt.plugin.applinks.ApplinksJwtService.verifyJwt(ApplinksJwtService.java:44)
    at com.atlassian.jwt.plugin.sal.JwtAuthenticator.verifyJwt(JwtAuthenticator.java:131)
    at com.atlassian.jwt.plugin.sal.JwtAuthenticator.authenticate(JwtAuthenticator.java:117)
    at com.atlassian.jwt.plugin.sal.JwtAuthenticator.authenticate(JwtAuthenticator.java:64)
    at com.atlassian.jwt.plugin.servlet.JwtAuthFilter.mayProceed(JwtAuthFilter.java:62)
    at com.atlassian.jwt.plugin.servlet.JwtAuthFilter.doFilter(JwtAuthFilter.java:30)

But I has received this Issuer at the begin and save it to db! Look at this:

{
  "key": "com.supersite.super_addon",
  "clientKey": "jira:7a79acea-b861-4361-aa61-b8edf3aa51c0",
  "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCIiZqkZ9tvG1raZPJFuZpuVAsNQIBZCyHpgRCBkckfscXyo8uUxsDOigieypTmJL6y1Vndv8DRnMJHthtXzHVT0FC4eEdnLj1So6Vt7HvvISSAUAMqnA9bRjPUhrbOMe7M6eBy3GICvyO8NBu5qfHbKxCQJ7pCKjwA53UNdfNnpQIDAQAB",
  "serverVersion": "6210",
  "pluginsVersion": "1.0.0.m27",
  "baseUrl": "http://MacBook-Pro-Vitaliy.local:2990/jira",
  "productType": "jira",
  "description": "Atlassian JIRA at http://MacBook-Pro-Vitaliy.local:2990/jira",
  "eventType": "enabled"
}

What is it?

[16/Jan/2014 14:46:14] "POST /addon/hooks/enabled/ HTTP/1.1" 200 2

четверг, 16 января 2014 г., 16:39:54 UTC+4 пользователь Vitaliy написал:

[Seb Ruiz]

What is the command you used to start JIRA?

To unsubscribe from this group and stop receiving emails from it, send an email to atlassian-connec...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--

Seb Ruiz

Atlassian

[Peter Brownlow]

Hi Vitaliy,

When your add-on sends a request to JIRA then your add-on is the issuer and the add-on's key is what you should put in the issuer claim. In the "installed" callback you received:

"key": "com.supersite.super_addon"

This is the same as the "key" in your JSON descriptor.

You are currently putting the JIRA instance's id in the issuer claim, which does not make sense as this tells JIRA that it has received a request from itself. The issuer claim tells the receiver who wrote the JWT token.

When you receive a request containing a JWT token from a JIRA instance then the issuer claim will contain the clientKey (i.e. the id) of that JIRA instance.

-Peter

[Vitaliy]

$ atlas-run-standalone --product jira --version 6.2-OD-06-43 --bundled-plugins com.atlassian.plugins:atlassian-connect-plugin:1.0-m27,com.atlassian.jwt:jwt-plugin:1.0-m6,com.atlassian.upm:atlassian-universal-plugin-manager-plugin:2.14.5,com.atlassian.bundles:json-schema-validator-atlassian-bundle:1.0-m0 --jvmargs -Datlassian.upm.on.demand=true

and

$ atlas-run-standalone --product jira --version 6.2-OD-06-43 --bundled-plugins com.atlassian.plugins:atlassian-connect-plugin:1.0-m27,com.atlassian.jwt:jwt-plugin:1.0-m7,com.atlassian.upm:atlassian-universal-plugin-manager-plugin:2.14.5,com.atlassian.bundles:json-schema-validator-atlassian-bundle:1.0-m0 --jvmargs -Datlassian.upm.on.demand=true

An error occurs in both cases.

пятница, 17 января 2014 г., 1:37:38 UTC+4 пользователь Seb Ruiz написал:

To unsubscribe from this group and stop receiving emails from it, send an email to atlassian-connect-dev+unsubscri...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--

Seb Ruiz

Atlassian

--
You received this message because you are subscribed to the Google Groups "Atlassian Connect Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to atlassian-connect-dev+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--

Seb Ruiz

Atlassian

[Vitaliy]

Hi Peter,

I was guided a string from the manual: ' "iss": The issuer identifier. Use your add-on's client key that you received in the "installed" lifecycle callback.". '

JIRA crashing with error 500  when I send a "key" of my add-on (com.supersite.super_addon) in the "iss" field.

# Making Payload: {u'iss': u'com.moskrc.people-directory-addon', u'iat': 1389926668, u'qsh': '670cbb0f3fe2ca0e96e96177ff96bb7f89aab9c46a2319bcea02feee0a0d8ea6', u'sub': u'admin', u'exp': 1389926848}

send: 'GET /jira/rest/api/2/project?jwt=eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpc3MiOiAiY29tLm1vc2tyYy5wZW9wbGUtZGlyZWN0b3J5LWFkZG9uIiwgImlhdCI6IDEzODk5MjY2NjgsICJxc2giOiAiNjcwY2JiMGYzZmUyY2EwZTk2ZTk2MTc3ZmY5NmJiN2Y4OWFhYjljNDZhMjMxOWJjZWEwMmZlZWUwYTBkOGVhNiIsICJzdWIiOiAiYWRtaW4iLCAiZXhwIjogMTM4OTkyNjg0OH0.pCejhmh8OPtlfHnOiNke2Z2rI46wnAfjOX24AuYZ9P8 HTTP/1.1\r\nHost: MacBook-Pro-Vitaliy.local:2990\r\nAccept: */*\r\nContent-Type: application/json;charset=UTF-8\r\nAccept-Encoding: gzip, deflate, compress\r\nAuthorization: JWT eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpc3MiOiAiY29tLm1vc2tyYy5wZW9wbGUtZGlyZWN0b3J5LWFkZG9uIiwgImlhdCI6IDEzODk5MjY2NjgsICJxc2giOiAiNjcwY2JiMGYzZmUyY2EwZTk2ZTk2MTc3ZmY5NmJiN2Y4OWFhYjljNDZhMjMxOWJjZWEwMmZlZWUwYTBkOGVhNiIsICJzdWIiOiAiYWRtaW4iLCAiZXhwIjogMTM4OTkyNjg0OH0.pCejhmh8OPtlfHnOiNke2Z2rI46wnAfjOX24AuYZ9P8\r\nUser-Agent: python-requests/2.2.0 CPython/2.7.6 Darwin/13.0.0\r\n\r\n'

reply: 'HTTP/1.1 500 Internal Server Error\r\n'

header: Server: Apache-Coyote/1.1

header: X-AREQUESTID: 404x1403x1

header: X-Content-Type-Options: nosniff

header: Content-Type: text/html;charset=UTF-8

header: Transfer-Encoding: chunked

header: Date: Fri, 17 Jan 2014 02:44:27 GMT

header: Connection: close

Vit

пятница, 17 января 2014 г., 3:56:04 UTC+4 пользователь Peter Brownlow написал:

[Seb Ruiz]

Hi Vitaliy,

That 500 error is definitely bad, we'll take a look. Can you provide any JIRA logs?

As for the error, the JWT iss that you are supplying isn't 'com.supersite.super_addon', but 'com.moskrc.people-directory-addon'. Not sure if this was a mistake in your email or in your code but that could be the problem.

Seb

To unsubscribe from this group and stop receiving emails from it, send an email to atlassian-connec...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--

Seb Ruiz

Atlassian

[Vitaliy]

Hi Seb,

About: " 'com.supersite.super_addon' and 'com.moskrc.people-directory-addon'" - it's ok. Don't worry. I add a new add-on with a new key. It's all correct.

Logs:

2014-01-17 08:30:56,407 http-bio-2990-exec-21 INFO anonymous 510x2653x1 ew2bpx 0:0:0:0:0:0:0:1%0 /s/en_USs8w47l-1988229788/6210/3/2.0.11/_/download/resources/com.atlassian.devrel.developer-toolbox-plugin:dt-toolbar/images/ajax-loader.gif [plugins.workflow.servlet.JWDSendRedirectResponseWrapper] response wrapper created

2014-01-17 08:30:56,421 http-bio-2990-exec-15 INFO anonymous 510x2654x2 - 172.20.10.3 /rest/api/2/project [plugins.workflow.servlet.JWDSendRedirectFilter] send redirect filter running

2014-01-17 08:30:56,421 http-bio-2990-exec-15 INFO anonymous 510x2654x2 - 172.20.10.3 /rest/api/2/project [plugins.workflow.servlet.JWDSendRedirectResponseWrapper] response wrapper created

Jan 17, 2014 8:30:56 AM org.apache.catalina.core.StandardWrapperValve invoke

SEVERE: Servlet.service() for servlet [default] in context with path [/jira] threw exception [Filter execution threw an exception] with root cause

java.lang.NoClassDefFoundError: java/util/Objects

at com.atlassian.jwt.core.reader.JwtClaimEqualityVerifier.verify(JwtClaimEqualityVerifier.java:28)

at com.atlassian.jwt.core.reader.NimbusJwtReader.read(NimbusJwtReader.java:115)

at com.atlassian.jwt.plugin.applinks.ApplinksJwtService.verifyJwt(ApplinksJwtService.java:44)

at com.atlassian.jwt.plugin.sal.ApplinksJwtAuthenticator.verifyJwt(ApplinksJwtAuthenticator.java:57)

at com.atlassian.jwt.core.http.auth.AbstractJwtAuthenticator.verifyJwt(AbstractJwtAuthenticator.java:138)

at com.atlassian.jwt.core.http.auth.AbstractJwtAuthenticator.authenticate(AbstractJwtAuthenticator.java:80)

at com.atlassian.jwt.plugin.sal.ApplinksJwtAuthenticator.authenticate(ApplinksJwtAuthenticator.java:25)

at com.atlassian.jwt.plugin.servlet.JwtAuthFilter.mayProceed(JwtAuthFilter.java:66)

at com.atlassian.jwt.plugin.servlet.JwtAuthFilter.doFilter(JwtAuthFilter.java:34)

at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74)

at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)

at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66)

at com.atlassian.prettyurls.filter.PrettyUrlsCombinedMatchDispatcherFilter.doFilter(PrettyUrlsCombinedMatchDispatcherFilter.java:61)

at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74)

at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)

at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66)

at com.sysbliss.jira.plugins.workflow.servlet.JWDSendRedirectFilter.doFilter(JWDSendRedirectFilter.java:25)

at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74)

at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)

at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77)

at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

at com.atlassian.jira.web.filters.steps.ChainedFilterStepRunner.doFilter(ChainedFilterStepRunner.java:87)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

at com.atlassian.core.filters.cache.AbstractCachingFilter.doFilter(AbstractCachingFilter.java:33)

at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

at com.atlassian.core.filters.encoding.AbstractEncodingFilter.doFilter(AbstractEncodingFilter.java:41)

at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)

at com.atlassian.jira.web.filters.PathMatchingEncodingFilter.doFilter(PathMatchingEncodingFilter.java:45)

at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

at com.atlassian.jira.startup.JiraStartupChecklistFilter.doFilter(JiraStartupChecklistFilter.java:78)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

at com.atlassian.jira.web.filters.steps.ChainedFilterStepRunner.doFilter(ChainedFilterStepRunner.java:87)

at com.atlassian.jira.web.filters.JiraFirstFilter.doFilter(JiraFirstFilter.java:57)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)

at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)

at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1008)

at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)

at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)

at java.lang.Thread.run(Thread.java:695)

2014-01-17 08:30:56,438 http-bio-2990-exec-15 DEBUG   -   [velocity] ResourceManager : found jira.footer:standard-footer/templates/plugins/footer/footer.vm with loader com.atlassian.jira.plugin.PluginVelocityResourceLoader

2014-01-17 08:30:56,440 http-bio-2990-exec-15 DEBUG   -   [org.objectweb.jotm.jta] Current.getStatus()

2014-01-17 08:30:56,440 http-bio-2990-exec-15 DEBUG   -   [org.objectweb.jotm.jta] Current.getStatus()

2014-01-17 08:30:56,448 http-bio-2990-exec-15 DEBUG   -   [org.objectweb.jotm.jta] Current.getStatus()

This occurs every time when I send this:

-- JWT from the request header: {u'iss': u'jira:7a79acea-b861-4361-aa61-b8edf3aa51c0', u'iat': 1389933053, u'qsh': u'0cde39b06afa9ae4df25daea7c309e0a58414f65abf5d0a5f1b184043357adcc', u'sub': u'admin', u'exp': 1389933233}

-- Full Url: http://MacBook-Pro-Vitaliy.local:2990/jira/rest/api/2/project

-- Verify QSH from JWT token

-- Call: create_canonical_request(GET, /addon/?lic=none&tz=Europe%2FMoscow&cp=%2Fjira&user_key=admin&loc=en-US&user_id=admin&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEzODk5MzMyMzMsInN1YiI6ImFkbWluIiwiaXNzIjoiamlyYTo3YTc5YWNlYS1iODYxLTQzNjEtYWE2MS1iOGVkZjNhYTUxYzAiLCJxc2giOiIwY2RlMzliMDZhZmE5YWU0ZGYyNWRhZWE3YzMwOWUwYTU4NDE0ZjY1YWJmNWQwYTVmMWIxODQwNDMzNTdhZGNjIiwiaWF0IjoxMzg5OTMzMDUzfQ.XfN10XTID227t_1U5sToe4r5NlCJoPqeQ6ZWmpyhm_4&xdm_e=http%3A%2F%2Flocalhost%3A2990&xdm_c=channel-servlet-people-directory&xdm_p=1)

-- Canonical request (sorted): GET&/addon&cp=%2Fjira&lic=none&loc=en-US&tz=Europe%2FMoscow&user_id=admin&user_key=admin&xdm_c=channel-servlet-people-directory&xdm_e=http%3A%2F%2Flocalhost%3A2990&xdm_p=1

-- QSH from JWT and calculated: 0cde39b06afa9ae4df25daea7c309e0a58414f65abf5d0a5f1b184043357adcc and 0cde39b06afa9ae4df25daea7c309e0a58414f65abf5d0a5f1b184043357adcc

-- SUCCESS, THEY ARE IDENTICAL!

-- JWT WAS SUCCESSFULLY VERIFIED!

-- Call: create_canonical_request(GET, http://MacBook-Pro-Vitaliy.local:2990/jira/rest/api/2/project)

-- Canonical request (sorted): GET&/jira/rest/api/2/project&

-- QSH (sha256): 670cbb0f3fe2ca0e96e96177ff96bb7f89aab9c46a2319bcea02feee0a0d8ea6

-- Making Payload: {u'iss': u'com.moskrc.people-directory-addon', u'iat': 1389933056, u'qsh': '670cbb0f3fe2ca0e96e96177ff96bb7f89aab9c46a2319bcea02feee0a0d8ea6', u'sub': u'admin', u'exp': 1389933236}

-- New JWT: eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpc3MiOiAiY29tLm1vc2tyYy5wZW9wbGUtZGlyZWN0b3J5LWFkZG9uIiwgImlhdCI6IDEzODk5MzMwNTYsICJxc2giOiAiNjcwY2JiMGYzZmUyY2EwZTk2ZTk2MTc3ZmY5NmJiN2Y4OWFhYjljNDZhMjMxOWJjZWEwMmZlZWUwYTBkOGVhNiIsICJzdWIiOiAiYWRtaW4iLCAiZXhwIjogMTM4OTkzMzIzNn0.feJOwFD4Wnb_x4inzsfl-h36oR69vrpu-WT6MTXZsQ4

-- Try to send request

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

send: 'GET /jira/rest/api/2/project?jwt=eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpc3MiOiAiY29tLm1vc2tyYy5wZW9wbGUtZGlyZWN0b3J5LWFkZG9uIiwgImlhdCI6IDEzODk5MzMwNTYsICJxc2giOiAiNjcwY2JiMGYzZmUyY2EwZTk2ZTk2MTc3ZmY5NmJiN2Y4OWFhYjljNDZhMjMxOWJjZWEwMmZlZWUwYTBkOGVhNiIsICJzdWIiOiAiYWRtaW4iLCAiZXhwIjogMTM4OTkzMzIzNn0.feJOwFD4Wnb_x4inzsfl-h36oR69vrpu-WT6MTXZsQ4 HTTP/1.1\r\nHost: MacBook-Pro-Vitaliy.local:2990\r\nAccept: */*\r\nContent-Type: application/json;charset=UTF-8\r\nAccept-Encoding: gzip, deflate, compress\r\nAuthorization: JWT eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpc3MiOiAiY29tLm1vc2tyYy5wZW9wbGUtZGlyZWN0b3J5LWFkZG9uIiwgImlhdCI6IDEzODk5MzMwNTYsICJxc2giOiAiNjcwY2JiMGYzZmUyY2EwZTk2ZTk2MTc3ZmY5NmJiN2Y4OWFhYjljNDZhMjMxOWJjZWEwMmZlZWUwYTBkOGVhNiIsICJzdWIiOiAiYWRtaW4iLCAiZXhwIjogMTM4OTkzMzIzNn0.feJOwFD4Wnb_x4inzsfl-h36oR69vrpu-WT6MTXZsQ4\r\nUser-Agent: python-requests/2.2.0 CPython/2.7.6 Darwin/13.0.0\r\n\r\n'

reply: 'HTTP/1.1 500 Internal Server Error\r\n'

header: Server: Apache-Coyote/1.1

header: X-AREQUESTID: 510x2654x2

header: X-Content-Type-Options: nosniff

header: Content-Type: text/html;charset=UTF-8

header: Transfer-Encoding: chunked

header: Date: Fri, 17 Jan 2014 04:30:55 GMT

header: Connection: close

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

My atlassian-connect.json:

{

    "name": "People Directory",

    "description": "Atlassian Connect add-on",

    "key": "com.moskrc.people-directory-addon",

    "baseUrl": "http://localhost:8000",

    "vendor": {

        "name": "My Organization, Inc",

        "url": "https://developer.atlassian.com"

    },

    "version": "1.0",

    "authentication": {

        "type": "jwt"

    },

    "lifecycle": {

        "installed": "/addon/hooks/installed/",

        "disabled": "/addon/hooks/disabled/",

        "enabled": "/addon/hooks/enabled/",

        "uninstalled": "/addon/hooks/uninstalled/"

    },

    "modules": {

        "generalPages": [

            {

                "url": "/addon/",

                "name": {

                    "value": "People Directory"

                }

            }

        ]

    }

}

I ran JIRA:

$ atlas-run-standalone --product jira --version 6.2-OD-06-43 --bundled-plugins com.atlassian.plugins:atlassian-connect-plugin:1.0-m27,com.atlassian.jwt:jwt-plugin:1.0-m7,com.atlassian.upm:atlassian-universal-plugin-manager-plugin:2.14.5,com.atlassian.bundles:json-schema-validator-atlassian-bundle:1.0-m0 --jvmargs -Datlassian.upm.on.demand=true

and

$ atlas-run-standalone --product jira --version 6.2-OD-06-43 --bundled-plugins com.atlassian.plugins:atlassian-connect-plugin:1.0-m27,com.atlassian.jwt:jwt-plugin:1.0-m6,com.atlassian.upm:atlassian-universal-plugin-manager-plugin:2.14.5,com.atlassian.bundles:json-schema-validator-atlassian-bundle:1.0-m0 --jvmargs -Datlassian.upm.on.demand=true

пятница, 17 января 2014 г., 7:03:04 UTC+4 пользователь Seb Ruiz написал:

To unsubscribe from this group and stop receiving emails from it, send an email to atlassian-connect-dev+unsubscri...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--

Seb Ruiz

Atlassian

--
You received this message because you are subscribed to the Google Groups "Atlassian Connect Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to atlassian-connect-dev+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--

Seb Ruiz

Atlassian

[Marek]

Hello Vitally  Seb

So is this correct way to set the iss value ? Because dosc says 

• "iss": The issuer identifier. Use your add-on's client key that you received in the "installed" lifecycle callback.

I'm experiencing the same issue with the plugin key set as the iss. As the class java.util.Objects was introduced in java 7 Does it mean 

that the m27 release should be runned using java7 jdk?  

 

SEVERE: Servlet.service() for servlet [default] in context with path [/jira] threw exception [Filter execution threw an exception] with root cause

java.lang.ClassNotFoundException: java.util.Objects

at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1714)

at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1559)

..

..

[Peter Brownlow]

Hi Vitaliy,

 

I was guided a string from the manual: ' "iss": The issuer identifier. Use your add-on's client key that you received in the "installed" lifecycle callback.". '

I have corrected the docs for 1.0-m28 so that it says that the issuer that you specify on outgoing requests is your add-on's "key", not "client key". Thanks for the feedback.

-Peter 

[Peter Brownlow]

Hi Vitaliy, Marek,

A Java 7 reference did creep in to m27, so Marek is correct about running m27 with Java 7. I'll fix this up so that you can run m28 with Java 6. Apologies!

-Peter

[Vitaliy]

Ok. Thanks!

понедельник, 20 января 2014 г., 2:42:51 UTC+4 пользователь Peter Brownlow написал:

[Vitaliy]

I have no success yet :(

My plugin works correctly on local jira on demand instance, and it's not works on live. I'm getting an error 403 everytime.

My atlassian-conntect.json (from atlassian marketplace)

{
    "name": "People Directory",
    "description": "Atlassian Connect add-on",
    "key": "com.moskrc.people-directory-addon",

    "baseUrl": "https://blooming-beach-1348.herokuapp.com",
    "vendor": {
        "name": "Vitaliy",
        "url": "https://developer.atlassian.com"
    },
    "version": "1.2",

    "authentication": {
        "type": "jwt"
    },
    "lifecycle": {
        "installed": "/addon/hooks/installed/",
        "disabled": "/addon/hooks/disabled/",
        "enabled": "/addon/hooks/enabled/",
        "uninstalled": "/addon/hooks/uninstalled/"
    },

    "enableLicensing": true,
    "modules": {
        "generalPages": [
            {
                "url": "/addon/login/",
                "name": {
                    "value": "People Directory"
                },
                "conditions": [
                    {
                        "condition": "user_is_admin"
                    }
                ]
            }
        ]
    },
    "scopes": [
        "read",
        "write"
    ]
}

This is a log from my heroku instance.


2014-02-05T18:49:48.518500+00:00 app[web.1]: - PARAMS FROM GET. PRODUCT: jira:14053155, jira user name: vitaliy
2014-02-05T18:49:48.518500+00:00 app[web.1]: - Try to verify JWT
2014-02-05T18:49:48.518632+00:00 app[web.1]: - My URL: https://blooming-beach-1348.herokuapp.com/addon/login/?lic=active&tz=Europe%2FMoscow&cp=&user_key=vitaliy&loc=en-US&user_id=vitaliy&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEzOTE2MjYzNjcsInN1YiI6InZpdGFsaXkiLCJpc3MiOiJqaXJhOjE0MDUzMTU1IiwicXNoIjoiNGViZTRmYTllOGYxYWIzMTI2NjY4NjZiMGMyNDc2NjZkOWQ0YmM2YTMzZTIxYzE4YjUwNjM1YjhjMGZiNWEwMiIsImlhdCI6MTM5MTYyNjE4N30.LBrtuIjkYBJ-Fw1mENawnJY8TteGnV-HgOwh5fX2pmA&xdm_e=https%3A%2F%2Fdaqri1.atlassian.net&xdm_c=channel-servlet-acmodule-5667103957470040716&xdm_p=1
2014-02-05T18:49:48.518632+00:00 app[web.1]: BEGIN VERIFING
2014-02-05T18:49:48.518900+00:00 app[web.1]: -- JWT from the request header: {u'sub': u'vitaliy', u'iss': u'jira:14053155', u'iat': 1391626187, u'exp': 1391626367, u'qsh': u'4ebe4fa9e8f1ab312666866b0c247666d9d4bc6a33e21c18b50635b8c0fb5a02'}
2014-02-05T18:49:48.520340+00:00 app[web.1]: -- Verify QSH from JWT token
2014-02-05T18:49:48.520340+00:00 app[web.1]: -- Call: create_canonical_request(GET, /addon/login/?lic=active&tz=Europe%2FMoscow&cp=&user_key=vitaliy&loc=en-US&user_id=vitaliy&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEzOTE2MjYzNjcsInN1YiI6InZpdGFsaXkiLCJpc3MiOiJqaXJhOjE0MDUzMTU1IiwicXNoIjoiNGViZTRmYTllOGYxYWIzMTI2NjY4NjZiMGMyNDc2NjZkOWQ0YmM2YTMzZTIxYzE4YjUwNjM1YjhjMGZiNWEwMiIsImlhdCI6MTM5MTYyNjE4N30.LBrtuIjkYBJ-Fw1mENawnJY8TteGnV-HgOwh5fX2pmA&xdm_e=https%3A%2F%2Fdaqri1.atlassian.net&xdm_c=channel-servlet-acmodule-5667103957470040716&xdm_p=1)
2014-02-05T18:49:48.520627+00:00 app[web.1]: -- Canonical request (sorted): GET&/addon/login&cp=&lic=active&loc=en-US&tz=Europe%2FMoscow&user_id=vitaliy&user_key=vitaliy&xdm_c=channel-servlet-acmodule-5667103957470040716&xdm_e=https%3A%2F%2Fdaqri1.atlassian.net&xdm_p=1
2014-02-05T18:49:48.520627+00:00 app[web.1]: -- QSH from JWT and calculated: 4ebe4fa9e8f1ab312666866b0c247666d9d4bc6a33e21c18b50635b8c0fb5a02 and 4ebe4fa9e8f1ab312666866b0c247666d9d4bc6a33e21c18b50635b8c0fb5a02
2014-02-05T18:49:48.520627+00:00 app[web.1]: -- SUCCESS, THEY ARE IDENTICAL
2014-02-05T18:49:48.520627+00:00 app[web.1]: -- jwt.decode with shared secret
2014-02-05T18:49:48.520953+00:00 app[web.1]: {u'sub': u'vitaliy', u'iss': u'jira:14053155', u'iat': 1391626187, u'exp': 1391626367, u'qsh': u'4ebe4fa9e8f1ab312666866b0c247666d9d4bc6a33e21c18b50635b8c0fb5a02'}
2014-02-05T18:49:48.520953+00:00 app[web.1]: END VERIFING
2014-02-05T18:49:48.520953+00:00 app[web.1]: - Try to retrive an info about current user via REST API
2014-02-05T18:49:48.520953+00:00 app[web.1]: -- Try to send request
2014-02-05T18:49:48.520953+00:00 app[web.1]: -- Full Url: https://daqri1.atlassian.net/rest/api/2/myself
2014-02-05T18:49:48.520953+00:00 app[web.1]: -- Call: create_canonical_request(GET, https://daqri1.atlassian.net/rest/api/2/myself)
2014-02-05T18:49:48.520953+00:00 app[web.1]: -- Canonical request (sorted): GET&/rest/api/2/myself&
2014-02-05T18:49:48.520953+00:00 app[web.1]: -- QSH (sha256): d8d2484d5c460c4001409c81ccad12b526d1b73538f03c2ccfff74385de20795
2014-02-05T18:49:48.520953+00:00 app[web.1]: -- Making Payload: {u'sub': u'vitaliy', u'iss': u'com.moskrc.people-directory-addon', u'iat': 1391626188, u'exp': 1391626368, u'qsh': 'd8d2484d5c460c4001409c81ccad12b526d1b73538f03c2ccfff74385de20795'}
2014-02-05T18:49:48.521330+00:00 app[web.1]: -- New JWT: eyJ0eXAiOiAiSldUIiwgImFsZyI6ICJIUzI1NiJ9.eyJzdWIiOiAidml0YWxpeSIsICJpc3MiOiAiY29tLm1vc2tyYy5wZW9wbGUtZGlyZWN0b3J5LWFkZG9uIiwgImlhdCI6IDEzOTE2MjYxODgsICJleHAiOiAxMzkxNjI2MzY4LCAicXNoIjogImQ4ZDI0ODRkNWM0NjBjNDAwMTQwOWM4MWNjYWQxMmI1MjZkMWI3MzUzOGYwM2MyY2NmZmY3NDM4NWRlMjA3OTUifQ.s1R4Orl_JMPU9hB1k5FG4Lt4NcaVgJZ3A1LfpDwPYvk
2014-02-05T18:49:48.521330+00:00 app[web.1]: -- Try to send request
2014-02-05T18:49:48.570426+00:00 app[web.1]: -- Response
2014-02-05T18:49:48.570426+00:00 app[web.1]: 403

Help me please. Where I'm wrong?

Thanks!

[Vitaliy]

https://marketplace.atlassian.com/files/artifact/descriptor/a4dfd85c-077d-498b-adeb-f8504dc926b3/atlassian-connect.json

2014-02-05T19:02:35.505306+00:00 heroku[router]: at=info method=GET path=/addon/login/?lic=active&tz=Europe%2FMoscow&cp=&user_key=vitaliy&loc=en-US&user_id=vitaliy&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEzOTE2MjcxMzQsInN1YiI6InZpdGFsaXkiLCJpc3MiOiJqaXJhOjE0MDUzMTU1IiwicXNoIjoiNGViZTRmYTllOGYxYWIzMTI2NjY4NjZiMGMyNDc2NjZkOWQ0YmM2YTMzZTIxYzE4YjUwNjM1YjhjMGZiNWEwMiIsImlhdCI6MTM5MTYyNjk1NH0.M6eevNFQsc2oxIiNR3gCFUVZf_RWPpvDodMoj7sHjWw&xdm_e=https%3A%2F%2Fdaqri1.atlassian.net&xdm_c=channel-servlet-acmodule-5667103957470040716&xdm_p=1 host=blooming-beach-1348.herokuapp.com request_id=7c15cd1e-aa13-41ae-a95e-25fa2bbcd741 fwd="208.184.77.122" dyno=web.1 connect=4ms service=159ms status=500 bytes=38


I run my local version by:

$ atlas-run-standalone --product jira --version 6.2-OD-06-43 --bundled-plugins com.atlassian.plugins:atlassian-connect-plugin:1.0-m29,com.atlassian.jwt:jwt-plugin:1.0-m8,com.atlassian.upm:atlassian-universal-plugin-manager-plugin:2.14.5,com.atlassian.bundles:json-schema-validator-atlassian-bundle:1.0-m0 --jvmargs -Datlassian.upm.on.demand=true

It's works fine!!!

Help me please. Where I'm wrong?

Thanks!

[Peter Brownlow]

Hi Vitaliy,

In the logs of your local instance do you see a message formatted like "Dev mode: allowing plugin '%s' to access '%s' for user '%s'" referring to the "/rest/api/2/myself" path?

-Peter

[Peter Brownlow]

Hi again Vitaliy,

The "myself" path is not in our scopes white-list so in prod you cannot access it. Apologies! We will add in an upcoming release.

In the mean time can you use the "/api/2/user" endpoints?

-Peter

[Vitaliy Shishorin]

Hi Peter,

No, I don’t see it… How I can enable the logs?

Vit

--
You received this message because you are subscribed to a topic in the Google Groups "Atlassian Connect Dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/atlassian-connect-dev/Lm-_D-_KQzA/unsubscribe.
To unsubscribe from this group and all of its topics, send an email to atlassian-connec...@googlegroups.com.

[Vitaliy Shishorin]

Ouh… It’s not good. Ok, I will use /api/2/user. Could you try to add it to the next release? Thanks.

--
You received this message because you are subscribed to a topic in the Google Groups "Atlassian Connect Dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/atlassian-connect-dev/Lm-_D-_KQzA/unsubscribe.
To unsubscribe from this group and all of its topics, send an email to atlassian-connec...@googlegroups.com.

[Seb Ruiz]

Hi Vitaliy,

The logs should be in amps-standalone/target/jira-LATEST.log

We are also tracking the addition of /myself to the allowed rest apis at https://ecosystem.atlassian.net/browse/AC-928

Seb

--

You received this message because you are subscribed to the Google Groups "Atlassian Connect Dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to atlassian-connec...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--

Seb Ruiz

Atlassian