Any request made by HipChat to your add-on configuration page will include a JSON Web Token (JWT), an encoded form of JSON data and a signature to verify its contents. It is recommended you use one of the existing JWT libraries to decode the token. You can use the JWT token to validate that:
The JWT token is included either:
JWT tokens are base64 encoded. The encoded token is made of 3 elements delimited by a ".", and each element is decoded on its own.
The payload contains the following elements, which provide contextual information about the call:
Attribute | Description
---|---
iss | Issuer: OAuth Client ID
sub | Subject: User ID
iat | Issued at timestamp
exp | Expiration timestamp
jti | JWT ID (random 20 chars)
context | Custom attributes:
The token is signed. You can verify its signature using the sharedSecret sent during installation.
Here are the steps to handle a JWT token:
For example, using Node.js:
```javascript
var jwtUtil = require('jwt-simple');

// Extract the token from the request
var encodedJwt = request.query['signed_request'];

// First decode the token without validating the signature.
// Nothing in it can be trusted yet; it is only used to find the right secret.
var jwt = jwtUtil.decode(encodedJwt, null, true);

// Then look up the installation details based on the OAuth ID in the token
var oauthId = jwt['iss'];
var installation = installationStore.getInstallation(oauthId);

// Then validate the token signature (decode throws if it does not match)
jwtUtil.decode(encodedJwt, installation.oauthSecret);
```
The HipChat JavaScript API includes a function so your add-on front-end can retrieve a JWT token to talk to your add-on back-end.
This token has the same structure as the one used for HipChat to add-on calls.
In particular, it contains the context of the call (oauth client ID, user ID, etc.).
```javascript
// Retrieve a JWT token
HipChat.auth.withToken(function (err, token) {
  if (err) {
    // error
  } else {
    // Include this token in a REST call to the add-on backend
    $.ajax({
      type: "POST",
      url: "/your-addon-endpoint",
      headers: { 'authorization': 'JWT ' + token },
      data: {
        // custom data
      }
    });
  }
});
```
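The back-end side of the call above, as an added example that is not HipChat's code: it takes the `authorization: JWT <token>` header, finds the secret by `iss`, and checks signature and `exp` before trusting the payload. It assumes the token is signed with HS256 (the page does not name the algorithm); the `installations` map, `verifyAddonJwt`, `makeToken` and all sample values are constructed for illustration.

```javascript
const crypto = require('crypto');

// Hypothetical in-memory installation store: OAuth client ID -> shared secret.
const installations = new Map([['constructed-oauth-id', 'constructed-shared-secret']]);

const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Returns the verified payload or throws. `now` is seconds since the epoch.
function verifyAddonJwt(authorizationHeader, now = Math.floor(Date.now() / 1000)) {
  const match = /^JWT (\S+)$/.exec(authorizationHeader || '');
  if (!match) throw new Error('missing JWT authorization header');
  const parts = match[1].split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [headerB64, payloadB64, signatureB64] = parts;

  // Pin the algorithm (HS256 is an assumption); never let the token choose it.
  const header = JSON.parse(Buffer.from(headerB64, 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('unexpected algorithm');

  // The payload is still untrusted here: it is only used to find the secret.
  const payload = JSON.parse(Buffer.from(payloadB64, 'base64url').toString());
  const secret = installations.get(payload.iss);
  if (!secret) throw new Error('unknown issuer');

  // Recompute the HMAC over "header.payload" and compare in constant time.
  const expected = sign(headerB64 + '.' + payloadB64, secret);
  const actual = Buffer.from(signatureB64, 'base64url');
  if (actual.length !== expected.length || !crypto.timingSafeEqual(actual, expected)) {
    throw new Error('bad signature');
  }
  if (typeof payload.exp !== 'number' || payload.exp <= now) throw new Error('token expired');
  return payload; // iss, sub and context can be trusted from here on
}

// Builds a constructed token, used only to produce sample input.
function makeToken(payload, secret, alg = 'HS256') {
  const head = b64url(JSON.stringify({ typ: 'JWT', alg }));
  const body = b64url(JSON.stringify(payload));
  return head + '.' + body + '.' + b64url(sign(head + '.' + body, secret));
}
```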