Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

OAuth 2.0 Webhook Auth

Chris Hoogeboom
Chris Hoogeboom
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 19, 2025

The documentation for webhooks says that the webhook request will be secured with bearer auth

 

https://developer.atlassian.com/cloud/jira/platform/webhooks/#webhooks-authentication-for-oauth-2-0-apps

 

After I decode the token using my client secret, what should the body of the decoded token contain?

Edit for clarity: The payload of a JWT contains a number of "claims". These can be things like iss (issuer), exp (expiration time), sub (subject), aud (audience), and others. I'm wondering what claims will be included in the JWT that Jira passes to my webhook callback. For example, can I expect the expiration time to be included, so that I can verify the token hasn't expired?

Answer
Watch
Like Be the first to like this
155 views

1 answer

0 votes
Mohanraj Thangamuthu
Mohanraj Thangamuthu
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 20, 2025

Hello, Good day. I hope the following link helps your requirement. https://community.atlassian.com/forums/Jira-articles/Automation-for-Jira-Send-web-request-using-Jira-REST-API/ba-p/1443828

View More Comments
Chris Hoogeboom
Chris Hoogeboom
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 20, 2025

Hey, thanks for the response! The article you linked me is related to sending web requests via automation rules. In that article, the example rule is using Basic auth and is encoding the token from the following pattern: <EMAIL>:<API_TOKEN>.

The document I linked above says that Webhooks use Bearer auth. Typically bearer tokens include encoded information, like the User ID and expiration time. My question is what is the schema of the decoded token? 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security