I have used this video to properly understand how the JWT QSH is created from a SHA-hashed canonical request: https://www.youtube.com/watch?v=5EpEMKPbUjU
I have also gone through this site, Understanding JWT: https://developer.atlassian.com/cloud/jira/platform/understanding-jwt-for-connect-apps/. I have replicated everything done there and am still confused. I have never been able to reproduce the qsh.
```javascript
if (verifiedClaims.qsh) {
  const { baseUrl } = payload;
  const url = JWTHelper.decodeUrlToMatchJWTQueryStringHash(baseUrl);
  logger.debug(`url[${url}]`);
  const req = jwt.fromMethodAndUrl("GET", url);
  logger.debug(`req[${JSON.stringify(req)}]`);
  let expectedHash = jwt.createQueryStringHash(req);
  logger.debug(`expectedHash[${expectedHash}]`);
  let signatureHashVerified = verifiedClaims.qsh === expectedHash;
  logger.json("signatureHashVerified", { qsh: verifiedClaims.qsh, expectedHash, signatureHashVerified });
  if (!signatureHashVerified) {
    // If signatureVerified is false, then check the url if its a PUT/POST
    expectedHash = jwt.createQueryStringHash(req, url);
    signatureHashVerified = verifiedClaims.qsh === expectedHash;
    logger.json("signatureHashVerified", { qsh: verifiedClaims.qsh, expectedHash, signatureHashVerified });
    if (verifiedClaims.qsh !== expectedHash && verifiedClaims.qsh !== "context-qsh") {
      const canonicalRequest = jwt.createCanonicalRequest(req, true, url);
      logger.error('Auth failure: Query hash mismatch: Received: "'+ verifiedClaims.qsh +'" but calculated "'+ expectedHash +'". '+'Canonical query was: "'+ canonicalRequest);
      throw new Error("Authentication failed: query hash does not match.");
    }
  }
}
```
The code above is from the link, Understanding JWT. I am using the atlassian-jwt npm package: https://www.npmjs.com/package/atlassian-jwt.
Please, where am I getting it all wrong? From my code or from any perspective, what can I do to fix the issue and verify the qsh?
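Added example, not part of the original post and not code from atlassian-jwt: a standalone Node.js computation of the qsh from the canonical request (`METHOD&path&sorted-query`), useful for checking step by step which part of a mismatching hash differs. The function names, the base URL and the request URL are constructed for illustration, and the canonicalization rules are written here as an assumption based on the Understanding JWT page linked above.

```javascript
const crypto = require("crypto");

// RFC 3986 percent-encoding: encodeURIComponent leaves !'()* unescaped, so escape those too.
const rfc3986 = (s) =>
  encodeURIComponent(s).replace(/[!'()*]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());

// Build "METHOD&path&query". baseUrl is the product base URL and may carry a context path.
function canonicalRequest(method, requestUrl, baseUrl) {
  const url = new URL(requestUrl, baseUrl);
  const contextPath = new URL(baseUrl).pathname.replace(/\/+$/, "");
  let path = url.pathname;
  // The path is taken relative to the base URL, so strip the context path if present.
  if (contextPath && (path === contextPath || path.startsWith(contextPath + "/"))) {
    path = path.slice(contextPath.length);
  }
  path = path.replace(/&/g, "%26");                  // "&" is the field separator
  if (path.length > 1) path = path.replace(/\/+$/, ""); // no trailing slash
  if (path === "") path = "/";

  // Group values by encoded key; the "jwt" parameter itself is never hashed.
  const params = new Map();
  for (const [k, v] of url.searchParams) {
    if (k === "jwt") continue;
    const key = rfc3986(k);
    if (!params.has(key)) params.set(key, []);
    params.get(key).push(rfc3986(v));
  }
  const query = [...params.keys()].sort()
    .map((k) => `${k}=${params.get(k).sort().join(",")}`).join("&");
  return `${method.toUpperCase()}&${path}&${query}`;
}

// qsh = lowercase hex SHA-256 of the UTF-8 canonical request.
function computeQsh(method, requestUrl, baseUrl) {
  return crypto.createHash("sha256")
    .update(canonicalRequest(method, requestUrl, baseUrl), "utf8").digest("hex");
}

// Compare the claim with the expected hash in constant time.
function qshMatches(claimQsh, method, requestUrl, baseUrl) {
  const a = Buffer.from(String(claimQsh), "utf8");
  const b = Buffer.from(computeQsh(method, requestUrl, baseUrl), "utf8");
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed sample values (not from the original post).
const BASE = "https://example.atlassian.net/wiki";
const REQ = BASE + "/rest/api/content/?b=two words&a=2&a=1&jwt=x.y.z";
console.log(canonicalRequest("get", REQ, BASE), computeQsh("get", REQ, BASE));
```

Logging the canonical string next to the hash shows whether a mismatch comes from the method, the context path, a trailing slash or the query encoding, which the hash alone does not reveal.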