Atlassian::Jwt
In order to access the Atlassian Connect REST APIs an app authenticates using a JSON Web Token (JWT). The token is generated using the app's secret key and contains a claim which includes the app's key and a hashed version of the API URL the app is accessing. This gem simplifies generating the claim.
This gem provides helpers for generating Atlassian specific JWT
claims. It also exposes the ruby-jwt
gem's encode and decode methods.
Installation
Add this line to your application's Gemfile:
gem 'atlassian-jwt'And then execute:
bundleOr install it yourself as:
gem install atlassian-jwtGenerating a JWT Token
require 'atlassian/jwt'
# The URL of the API call, must include the query string, if any
url = 'https://jira.atlassian.com/rest/api/latest/issue/JRA-9'
# The key of the app as defined in the app description
issuer = 'com.atlassian.example'
# The HTTP Method (GET, POST, etc) of the API call
http_method = 'get'
# The shared secret returned when the app is installed
shared_secret = '...'
claim = Atlassian::Jwt.build_claims(issuer, url, http_method)
jwt = JWT.encode(claim, shared_secret)If the base URL of the API is not at the root of the site,
i.e. https://site.atlassian.net/jira/rest/api, you will need to pass
in the base URL to build_claims:
url = 'https://site.atlassian.net/jira/rest/api/latest/issue/JRA-9'
base_url = 'https://site.atlassian.net'
claim = Atlassian::Jwt.build_claims(issuer, url, http_method, base_url)The generated JWT can then be passed in an Authorization header or
in the query string:
# Header
uri = URI('https://site.atlassian.net/rest/api/latest/issue/JRA-9')
http = Net::HTTP.new(uri.host, uri.port)
request = Net::HTTP::Get.new(uri.request_uri)
request.initialize_http_header({'Authorization' => "JWT #{jwt}"})
response = http.request(request)# Query String
uri = URI("https://site.atlassian.net/rest/api/latest/issue/JRA-9?jwt=#{jwt}")
http = Net::HTTP.new(uri.host, uri.port)
request = Net::HTTP::Get.new(uri.request_uri)
response = http.request(request)By default the issue time of the claim is now and the expiration is 60 seconds in the future, these can be overridden:
claim = Atlassian::Jwt.build_claims(
issuer,
url,
http_method,
base_url,
(Time.now - 60.seconds).to_i,
(Time.now + 1.day).to_i
)Decoding a JWT token
The JWT from the server is usually returned as a param. The underlying Ruby JWT gem returns an array, with the first element being the claims and the second being the JWT header, which contains information about how the JWT was encoded.
claims, jwt_header = Atlassian::Jwt.decode(params[:jwt], shared_secret)By default, the JWT gem verifies that the JWT is properly signed with
the shared secret and raises an error if it's not. However, sometimes it
is necessary to read the JWT first to determine which shared secret is
needed. In this case, use nil for the shared secret and follow it with
false to tell the gem to to verify the signature.
claims, jwt_header = Atlassian::Jwt.decode(params[:jwt], nil, false)See the ruby-jwt doc for additional details.
Development
After checking out the repo, run bin/setup to install dependencies.
Run rake spec to run the tests.
Run bin/console for an interactive prompt that allows you to experiment.
Run bundle exec rake install to install this gem to your local machine.
To release a new version, update the version number in version.rb, and
then run bundle exec rake release. It will create a git tag for the
version, push git commits and tags, and push the .gem file to
rubygems.org.
Contributing
Bug reports and pull requests are welcome on Bitbucket at: https://bitbucket.org/atlassian/atlassian-jwt-ruby