atlassian_connect_jwt 0.3.7

  • README.md
  • CHANGELOG.md
  • Installing
  • Versions
  • 0

Atlassian Connect extensions for Json Web Token

Introduction

Provides support for handling Atlassian Connect specific Json Web Tokens. Specifically:

  • Decoding and validating Atlassian product host generated tokens that are sent as part of requests to the addon host
  • Creating tokens for inclusion when sending requests to the Atlassian product hosts
    • Both these include the qsh (query string hash) claim
  • Session tokens for the addon to use when communicating between it's own client and server components
    • These include a custom claim for the product host key

This library can be used on it's own (e.g. as part of your own custom Dart based Atlassian Connect client framework) or as part of the Atlassian Connect Shelf based server.

Using

Product Host Token

####Decoding####

To decode a JWT string

JsonWebToken<ProductHostClaimSet> jwt = decodeProductHostToken(jwtStr);

Validating

Validating is the same as per dart_jwt

Claim Set

In addition to the standard claims, the ProductHostClaimSet includes the custom claim qsh which can be accessed as follows

String qsh = jwt.claimSet.queryStringHash;

####Encoding#### A function encapsulates the process of creating the token (creating the claims, signing request etc)

String jwtToken = createProductHostToken('/some/host/path', 'GET',
    { 'param1': 'value1' }, sharedSecret, hostKey);

Addon Session Token

####Decoding####

To decode a JWT string

JsonWebToken<AddonSessionClaimSet> jwt = decodeAddonSessionToken(jwtStr);

Validating

Validating is the same as per dart_jwt

Claim Set

In addition to the standard claims, the AddonSessionClaimSet includes the custom claim productHostKey (as the issuer in this case is the addon itself) which can be accessed as follows

String productHostKey = jwt.claimSet.productHostKey;

####Encoding#### A function encapsulates the process of creating the token (creating the claims, signing request etc)

String jwtToken = createAddonSessionToken(addonSecret, addonKey, productHostKey, user);

Advanced Usage - QSH

The library also exposes the query string hash mechanism. To create a qsh

String qsh = createQshFromPath(String path, String method, 
                         Multimap<String, String> queryParameters)

Issues

  • Currently doesn't expose a way to configure the expiry timeouts of the claims.

0.2.2

  • dart_jwt version 0.1.1 aud claim

0.2.1

  • Added subject as optional argument to createProductHostToken

0.2.0

  • Prevented ampersands in URI paths from potentially resulting in canonical request collisions, which would have allowed limited qsh spoofing.
  • The separator is url-encoded so that https://something.com/rest/api/2/project&a=b?x=y and https://something.com/rest/api/2/project?a=b&x=y result in different qsh claims.
  • The same change has been made in atlassian-jwt 1.0.1.

0.1.0+2

  • upgraded min sdk version

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:


dependencies:
  atlassian_connect_jwt: ^0.3.7

2. Install it

You can install packages from the command line:

with pub:


$ pub get

Alternatively, your editor might support pub get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:


import 'package:atlassian_connect_jwt/atlassian_connect_jwt.dart';
  
Version Uploaded Documentation Archive
0.3.7 Apr 10, 2016 Go to the documentation of atlassian_connect_jwt 0.3.7 Download atlassian_connect_jwt 0.3.7 archive
0.3.6 Mar 11, 2016 Go to the documentation of atlassian_connect_jwt 0.3.6 Download atlassian_connect_jwt 0.3.6 archive
0.3.5 Oct 28, 2015 Go to the documentation of atlassian_connect_jwt 0.3.5 Download atlassian_connect_jwt 0.3.5 archive
0.3.4 Aug 20, 2015 Go to the documentation of atlassian_connect_jwt 0.3.4 Download atlassian_connect_jwt 0.3.4 archive
0.3.3 Aug 12, 2015 Go to the documentation of atlassian_connect_jwt 0.3.3 Download atlassian_connect_jwt 0.3.3 archive
0.3.2 Jul 14, 2015 Go to the documentation of atlassian_connect_jwt 0.3.2 Download atlassian_connect_jwt 0.3.2 archive
0.3.1 Jul 14, 2015 Go to the documentation of atlassian_connect_jwt 0.3.1 Download atlassian_connect_jwt 0.3.1 archive
0.3.0 Jul 14, 2015 Go to the documentation of atlassian_connect_jwt 0.3.0 Download atlassian_connect_jwt 0.3.0 archive
0.2.3 Dec 12, 2014 Go to the documentation of atlassian_connect_jwt 0.2.3 Download atlassian_connect_jwt 0.2.3 archive
0.2.2 Jul 8, 2014 Go to the documentation of atlassian_connect_jwt 0.2.2 Download atlassian_connect_jwt 0.2.2 archive

All 14 versions...

Popularity:
Describes how popular the package is relative to other packages. [more]
0
Health:
Code health derived from static analysis. [more]
0
Maintenance:
Reflects how tidy and up-to-date the package is. [more]
0
Overall:
Weighted score of the above. [more]
0
Learn more about scoring.

The package version is not analyzed, because it does not support Dart 2. Until this is resolved, the package will receive a health and maintenance score of 0.

Analysis issues and suggestions

Support Dart 2 in pubspec.yaml.

The SDK constraint in pubspec.yaml doesn't allow the Dart 2.0.0 release. For information about upgrading it to be Dart 2 compatible, please see https://www.dartlang.org/dart-2#migration.

Dependencies

Package Constraint Resolved Available
Direct dependencies
Dart SDK >=1.8.0 <2.0.0