Shared secret failure / Fraudulent JWT Token error
- Andy Brook [Plugin People]
See https://developer.atlassian.com/cloud/jira/platform/security-for-connect-apps/#in-case-of-the-installation-secret-being-out-of-sync where the following was found:
In case of the installation secret being out of sync
There are various of reasons that the installation secret can be desynchronized. In such a case, consider going with the following viable options upon your requirements:
| Action | Resolution time | Blast radius | End-user interactions |
|---|---|---|---|---|
1* | Bump up the micro version of your app so that the daily lifecycle event can send a newly issued secret | Up to 33 hours | All sites where the app is installed | Not required |
2 | Request an administrator of the site to uninstall and reinstall the app, which will send a new secret immediately | As soon as the app is reinstalled | Only one specific site | Manual operation from the administrator is required |
3 | Submit a Developer Support ticket requesting a single site to be reset | Depends upon the ticket's resolution time | Only one specific site | Not required |
#1 is not a quick path, has to be driven by a new version release by us, which is not necessarily something we can just do.