I'm using atlassian connect express to run a jira add-on which I authenticate with JWT.
My scope here is to get the current logged-in user(not the add-on user).
I setup a route in express which calls it using the httpClient like this:
app.get('/myself', addon.checkValidToken(), function(req, res) { var httpClient = addon.httpClient(req);
httpClient.get({ "headers": { "Content-Type": "application/json", "Accept": "application/json" }, "url": "/rest/auth/1/session" }, function(err, response, body) { if (err) { console.log(response.statusCode + ": " + err); res.send("Error: " + response.statusCode + ": " + err); } else { console.log(response.statusCode, body); res.send(body); } } ); });
this responds with 403 forbidden.
I'm using the same type of routing for getting the app list of users, for example, and that one works fine.
I see in the API docs that "Apps cannot access this REST resource." - does this include add-ons? If so, what should I use to get the current user information?