atlassian_connect_jwt 0.3.7

  • README.md
  • CHANGELOG.md
  • Installing
  • Versions
  • 28

Atlassian Connect extensions for Json Web Token

Introduction

Provides support for handling Atlassian Connect specific Json Web Tokens. Specifically:

  • Decoding and validating Atlassian product host generated tokens that are sent as part of requests to the addon host
  • Creating tokens for inclusion when sending requests to the Atlassian product hosts
    • Both these include the qsh (query string hash) claim
  • Session tokens for the addon to use when communicating between it's own client and server components
    • These include a custom claim for the product host key

This library can be used on it's own (e.g. as part of your own custom Dart based Atlassian Connect client framework) or as part of the Atlassian Connect Shelf based server.

Using

Product Host Token

####Decoding####

To decode a JWT string

JsonWebToken<ProductHostClaimSet> jwt = decodeProductHostToken(jwtStr);

Validating

Validating is the same as per dart_jwt

Claim Set

In addition to the standard claims, the ProductHostClaimSet includes the custom claim qsh which can be accessed as follows

String qsh = jwt.claimSet.queryStringHash;

####Encoding#### A function encapsulates the process of creating the token (creating the claims, signing request etc)

String jwtToken = createProductHostToken('/some/host/path', 'GET',
    { 'param1': 'value1' }, sharedSecret, hostKey);

Addon Session Token

####Decoding####

To decode a JWT string

JsonWebToken<AddonSessionClaimSet> jwt = decodeAddonSessionToken(jwtStr);

Validating

Validating is the same as per dart_jwt

Claim Set

In addition to the standard claims, the AddonSessionClaimSet includes the custom claim productHostKey (as the issuer in this case is the addon itself) which can be accessed as follows

String productHostKey = jwt.claimSet.productHostKey;

####Encoding#### A function encapsulates the process of creating the token (creating the claims, signing request etc)

String jwtToken = createAddonSessionToken(addonSecret, addonKey, productHostKey, user);

Advanced Usage - QSH

The library also exposes the query string hash mechanism. To create a qsh

String qsh = createQshFromPath(String path, String method, 
                         Multimap<String, String> queryParameters)

Issues

  • Currently doesn't expose a way to configure the expiry timeouts of the claims.

0.2.2

  • dart_jwt version 0.1.1 aud claim

0.2.1

  • Added subject as optional argument to createProductHostToken

0.2.0

  • Prevented ampersands in URI paths from potentially resulting in canonical request collisions, which would have allowed limited qsh spoofing.
  • The separator is url-encoded so that https://something.com/rest/api/2/project&a=b?x=y and https://something.com/rest/api/2/project?a=b&x=y result in different qsh claims.
  • The same change has been made in atlassian-jwt 1.0.1.

0.1.0+2

  • upgraded min sdk version

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:


dependencies:
  atlassian_connect_jwt: "^0.3.7"

2. Install it

You can install packages from the command line:

with pub:


$ pub get

with Flutter:


$ flutter packages get

Alternatively, your editor might support pub get or flutter packages get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:


      import 'package:atlassian_connect_jwt/atlassian_connect_jwt.dart';
  
Version Uploaded Documentation Archive
0.3.7 Apr 10, 2016 Go to the documentation of atlassian_connect_jwt 0.3.7 Download atlassian_connect_jwt 0.3.7 archive
0.3.6 Mar 11, 2016 Go to the documentation of atlassian_connect_jwt 0.3.6 Download atlassian_connect_jwt 0.3.6 archive
0.3.5 Oct 28, 2015 Go to the documentation of atlassian_connect_jwt 0.3.5 Download atlassian_connect_jwt 0.3.5 archive
0.3.4 Aug 20, 2015 Go to the documentation of atlassian_connect_jwt 0.3.4 Download atlassian_connect_jwt 0.3.4 archive
0.3.3 Aug 12, 2015 Go to the documentation of atlassian_connect_jwt 0.3.3 Download atlassian_connect_jwt 0.3.3 archive
0.3.2 Jul 14, 2015 Go to the documentation of atlassian_connect_jwt 0.3.2 Download atlassian_connect_jwt 0.3.2 archive
0.3.1 Jul 14, 2015 Go to the documentation of atlassian_connect_jwt 0.3.1 Download atlassian_connect_jwt 0.3.1 archive
0.3.0 Jul 14, 2015 Go to the documentation of atlassian_connect_jwt 0.3.0 Download atlassian_connect_jwt 0.3.0 archive
0.2.3 Dec 12, 2014 Go to the documentation of atlassian_connect_jwt 0.2.3 Download atlassian_connect_jwt 0.2.3 archive
0.2.2 Jul 8, 2014 Go to the documentation of atlassian_connect_jwt 0.2.2 Download atlassian_connect_jwt 0.2.2 archive

All 14 versions...

Analysis

We analyzed this package on May 22, 2018, and provided a score, details, and suggestions below. Analysis was completed with status completed using:

  • Dart: 2.0.0-dev.54.0
  • pana: 0.11.1

Scores

Popularity:
Describes how popular the package is relative to other packages. [more]
0 / 100
Health:
Code health derived from static analysis. [more]
92 / 100
Maintenance:
Reflects how tidy and up-to-date the package is. [more]
0 / 100
Overall score:
Weighted score of the above. [more]
28
Learn more about scoring.

Platforms

Detected platforms: Flutter, web, other

No platform restriction found in primary library package:atlassian_connect_jwt/atlassian_connect_jwt.dart.

Suggestions

  • Fix analysis and formatting issues.

    Analysis or formatting checks reported 1 error 6 hints.

    Strong-mode analysis of lib/src/product_host_token.dart failed with the following error:

    line: 80 col: 3
    Invalid override. The type of 'ProductHostClaimSet.validate' ('(ProductHostClaimSetValidationContext) → Set<ConstraintViolation>') isn't a subtype of 'OpenIdJwtClaimSet.validate' ('(JwtClaimSetValidationContext) → Set<ConstraintViolation>').

    Strong-mode analysis of lib/src/qsh.dart gave the following hint:

    line: 3 col: 1
    'dart.pkg.collection.algorithms' is deprecated and shouldn't be used.

  • The description is too short.

    Add more detail about the package, what it does and what is its target use case. Try to write at least 60 characters.

  • Package is pre-v1 release.

    While there is nothing inherently wrong with versions of 0.*.*, it usually means that the author is still experimenting with the general direction API.

  • Maintain an example.

    Create a short demo in the example/ directory to show how to use this package. Common file name patterns include: main.dart, example.dart or you could also use atlassian_connect_jwt.dart.

Dependencies

Package Constraint Resolved Available
Direct dependencies
Dart SDK >=1.8.0 <2.0.0
collection >=0.9.1 <2.0.0 1.14.9
dart_jwt >=0.4.6 <0.4.7 0.4.6 0.6.0
logging >=0.9.1+1 <0.12.0 0.11.3+1
path >=1.0.0 <2.0.0 1.5.1
quiver >=0.18.0 <0.22.0 0.21.4 0.29.0+1
shelf_auth ^0.7.2 0.7.2 0.7.4
Transitive dependencies
async 1.13.3 2.0.7
bignum 0.0.7 0.1.0
charcode 1.1.1
cipher 0.7.1
concepts 0.2.0
convert 1.1.1 2.0.1
crypto 0.9.2+1 2.0.3
either 0.1.8
fixnum 0.9.1+2 0.10.7
http_exception 0.1.0
http_parser 3.1.2
matcher 0.12.2+1
option 1.2.0
shelf 0.6.8 0.7.3
shelf_path 0.1.8
source_span 1.4.0
stack_trace 1.9.2
stream_channel 1.6.6
string_scanner 1.0.2
typed_data 1.1.5
uuid 0.5.1 1.0.0
Dev dependencies
test ^0.12.0