Atlassian JWT Plugin

The Atlassian JWT plugin (tika-pipes-atlassian-jwt) provides a fetcher specifically for Atlassian Connect endpoints (Jira Cloud, Confluence Cloud) that require an Atlassian-style JWT bearer token. It is fetcher-only — pair it with another emitter and iterator.

For generic HTTP fetching, use the HTTP plugin instead.

Interface Component name Class

Fetcher

atlassian-jwt-fetcher

AtlassianJwtFetcher

Atlassian JWT Fetcher (atlassian-jwt-fetcher)

Fetches resources from an Atlassian Cloud endpoint, generating a fresh JWT for each request signed with the app’s shared secret.

{
  "fetchers": {
    "ajwt": {
      "atlassian-jwt-fetcher": {
        "issuer": "tika-pipes-app-key",
        "sharedSecret": "REDACTED_SHARED_SECRET",
        "subject": "service-account@example.com",
        "jwtExpiresInSeconds": 3600,
        "maxConnections": 2000,
        "maxConnectionsPerRoute": 1000,
        "connectTimeoutMillis": 30000,
        "socketTimeoutMillis": 60000,
        "requestTimeoutMillis": 60000,
        "overallTimeoutMillis": 120000,
        "userAgent": "tika-pipes/1.0"
      }
    }
  }
}

Configuration

Field Default Description

issuer

required

Atlassian Connect app key (the iss claim).

sharedSecret

required

Shared secret from the app installation, used as the JWT signing key.

subject

optional

JWT sub claim — typically an account ID for user-context calls.

jwtExpiresInSeconds

3600

JWT validity window. Each request gets a freshly-signed token.

userAgent

no default

User-Agent header sent on each request.

maxConnections

2000

HTTP connection-pool size.

maxConnectionsPerRoute

1000

Per-route connection-pool size.

connectTimeoutMillis

120000

TCP connect timeout.

socketTimeoutMillis

120000

Socket read timeout.

requestTimeoutMillis

120000

Connection-manager request timeout.

overallTimeoutMillis

120000

Hard cap on total time for a single fetch operation.

maxRedirects

0

Maximum number of redirects to follow.

maxSpoolSize

-1

Maximum bytes to spool locally. -1 means no limit.

maxErrMsgSize

10000000

Maximum bytes of error response body to capture into the exception.

httpHeaders

empty

Extra HTTP headers, formatted as "Header: value" strings (list).

httpRequestHeaders

empty

Structured per-request headers as a Header → [values] map.

Notes

  • The JWT is computed per request — the qsh claim is derived from the request method and URL, as required by Atlassian Connect.

  • sharedSecret is sensitive; use environment-variable substitution or external secret stores rather than inlining it in source control.

  • For Jira Server / Data Center (not Cloud) endpoints, use the HTTP plugin with basic or token auth instead — those endpoints do not accept Atlassian Connect JWTs.