How to use atlassian-jwt - 10 common examples
To help you get started, we’ve selected a few atlassian-jwt examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
integrations / jira / lib / frontend / verify-jira-middleware.js View on Github 
const installation = await Installation.getForHost(jiraHost)
res.locals.installation = installation
req.addLogFields({
jiraHost: installation.jiraHost,
jiraClientKey: installation.clientKey
})
if (!installation) {
next(new Error('Not Found'))
} else {
try {
// The JWT contains a `qsh` field that can be used to verify
// the request body / query
// See https://bitbucket.org/atlassian/atlassian-connect-express/src/f434e5a9379a41213acf53b9c2689ce5eec55e21/lib/middleware/authentication.js?at=master&fileviewer=file-view-default#authentication.js-227
jwt.decode(token, installation.sharedSecret)
next()
} catch (error) {
next(new Error('Unauthorized'))
}
}
}type: installation.target_type
})
const hasMemberPermission = installation.permissions.members === 'read'
installationsWithAdmin.push({...installation, admin, hasMemberPermission})
}
return installationsWithAdmin
}
if (req.query.jwt && req.query.xdm_e) {
const { jwt: token, xdm_e: jiraHost } = req.query
const { data: { login } } = await github.users.get()
try {
// we can get the jira client Key from the JWT's `iss` property
// so we'll decode the JWT here and verify it's the right key before continuing
const installation = await Installation.getForHost(jiraHost)
const { iss: clientKey } = JWT.decode(token, installation.sharedSecret)
const { data: { installations } } = (await github.users.getInstallations({}))
const installationsWithAdmin = await getInstallationsWithAdmin({installations, login})
const { data: info } = (await client.apps.get({}))
return res.render('github-configuration.hbs', {
csrfToken: req.csrfToken(),
installations: installationsWithAdmin,
info,
jiraHost,
clientKey
})
} catch (err) {
// If we get here, there was either a problem decoding the JWT
// or getting the data we need from GitHub, so we'll show the user an error.
req.log.error(err)
return next(err)if (this.oauthConfig) {
options.oauth = this.oauthConfig;
} else if (this.basic_auth) {
if (this.basic_auth.base64) {
if (!options.headers) {
options.headers = {}
}
options.headers['Authorization'] = 'Basic ' + this.basic_auth.base64
} else {
options.auth = this.basic_auth;
}
} else if (this.jwt) {
const pathname = new URL(options.uri).pathname;
const nowInSeconds = Math.floor(Date.now() / 1000);
const queryParam = queryString.parse(queryString.stringify(options.qs));
const jwtToken = jwt.encode({
iss: this.jwt.iss,
iat: nowInSeconds,
exp: nowInSeconds + this.jwt.expiry_time_seconds,
qsh: jwt.createQueryStringHash({
method: options.method,
pathname,
query: queryParam || {}
})
}, this.jwt.secret);
if (!options.headers) {
options.headers = {};
}
options.headers['Authorization'] = `JWT ${jwtToken}`;
}async function jwtAuthHeader () {
const clientDetails = await getSketchClientDetails()
const now = moment().utc()
const token = jwt.encode(
{
iss: clientDetails.clientId,
iat: now.unix(),
exp: now.add(60, 'minutes').unix(),
aud: ['jira-sketch-integration'],
sub: getJiraHost()
},
clientDetails.sharedSecret
)
return `JWT ${token}`
}getToken = (method: string = 'get', path: string, iss: string, sharedSecret: string): Promise => {
const iat = Math.floor(Date.now() / 1000);
const exp = iat + 180;
const req: Request = fromMethodAndUrl(method, path);
const tokenData = {
iss,
iat,
exp,
qsh: createQueryStringHash(req),
};
const token = encode(tokenData, sharedSecret);
return token;
};return (config) => {
const { query, pathname } = url.parse(config.url, true)
const jwtToken = jwt.encode({
...getExpirationInSeconds(),
iss,
qsh: jwt.createQueryStringHash({
method: config.method,
originalUrl: pathname,
query
})
}, secret)
return {
...config,
headers: {
...config.headers,
Authorization: `JWT ${jwtToken}`
}
}return (config) => {
const { query, pathname } = url.parse(config.url, true)
const jwtToken = jwt.encode({
...getExpirationInSeconds(),
iss,
qsh: jwt.createQueryStringHash({
method: config.method,
originalUrl: pathname,
query
})
}, secret)
return {
...config,
headers: {
...config.headers,
Authorization: `JWT ${jwtToken}`
}
}
}
}if (!options.headers) {
options.headers = {}
}
options.headers['Authorization'] = 'Basic ' + this.basic_auth.base64
} else {
options.auth = this.basic_auth;
}
} else if (this.jwt) {
const pathname = new URL(options.uri).pathname;
const nowInSeconds = Math.floor(Date.now() / 1000);
const queryParam = queryString.parse(queryString.stringify(options.qs));
const jwtToken = jwt.encode({
iss: this.jwt.iss,
iat: nowInSeconds,
exp: nowInSeconds + this.jwt.expiry_time_seconds,
qsh: jwt.createQueryStringHash({
method: options.method,
pathname,
query: queryParam || {}
})
}, this.jwt.secret);
if (!options.headers) {
options.headers = {};
}
options.headers['Authorization'] = `JWT ${jwtToken}`;
}
if (this.cookie_jar) {
options.jar = this.cookie_jar;
}getToken = (method: string = 'get', path: string, iss: string, sharedSecret: string): Promise => {
const iat = Math.floor(Date.now() / 1000);
const exp = iat + 180;
const req: Request = fromMethodAndUrl(method, path);
const tokenData = {
iss,
iat,
exp,
qsh: createQueryStringHash(req),
};
const token = encode(tokenData, sharedSecret);
return token;
};getToken = (method: string = 'get', path: string, iss: string, sharedSecret: string): Promise => {
const iat = Math.floor(Date.now() / 1000);
const exp = iat + 180;
const req: Request = fromMethodAndUrl(method, path);
const tokenData = {
iss,
iat,
exp,
qsh: createQueryStringHash(req),
};
const token = encode(tokenData, sharedSecret);
return token;
};atlassian-jwt
JWT (JSON Web Token) implementation with custom Atlassian QSH claim verification
MIT
Latest version published 5 months ago