Moving away from per-installation shared secrets for apps

Reading Time: 2 minutes

Over the last year, we’ve been working on a new Atlassian platform for developers. You can see this new platform if you are currently working on building a Stride app. This new Atlassian platform for developers will make the developer experience consistent when developing apps across our products. We’re currently working to bring Jira and Confluence to use the new Atlassian platform for developers and to do this we need to make some changes.

As a starting point, we will be using credentials managed in the developer site for the new and existing installations of these apps. When this project is done, currently estimated to take three months, instead of a using one set of credentials per installation there will be only a single set of credentials for each Marketplace listed app. This work will not have any user-visible effect and will not impact your app development workflow.

However, your app(s) that use JWT authentication method will receive a call made to the ‘installed’ lifecycle endpoint during the migration process, providing a new shared secret, signed with the existing shared secret. It will need to update the shared secret accordingly, similar to the upgrade process. An app correctly implementing the spec for signing of the lifecycle callbacks should support this, but just to make sure, we have tested our client libraries and the major apps listed in Marketplace before committing to these changes. We will put safety measures in place and will migrate apps gradually. However, we will get in touch with you in case we detect problems requiring fixes on your side.

Here are more technical details:

  • If you have used a supported client library, ACE and Spring Boot, and haven’t replaced the storage adapter everything should run smoothly for you.
  • If you have implemented your own storage adapter for app data, it is important to verify that your app will properly handle the ‘installed’ lifecycle event, and will update existing records.
  • When this initial stage of the migration is complete, all shared secrets in your database will be the same – and then we’ll follow up with details on the next phase of the migration.

Feel free to reach to us via our service desk if you have questions or need help.