JIRA Rest API returns 403 Forbidden for "/rest/auth/1/session"

I'm using atlassian connect express to run a jira add-on which I authenticate with JWT. 

My scope here is to get the current logged-in user(not the add-on user). 

I setup a route in express which calls it using the httpClient like this: 

app.get('/myself', addon.checkValidToken(), function(req, res) { var httpClient = addon.httpClient(req);
 httpClient.get({ "headers": { "Content-Type": "application/json", "Accept": "application/json" }, "url": "/rest/auth/1/session" }, function(err, response, body) { if (err) { console.log(response.statusCode + ": " + err); res.send("Error: " + response.statusCode + ": " + err); } else { console.log(response.statusCode, body); res.send(body); } } ); });

 this responds with 403 forbidden.

I'm using the same type of routing for getting the app list of users, for example, and that one works fine.

I see in the API docs that "Apps cannot access this REST resource." - does this include add-ons? If so, what should I use to get the current user information?