0.4.1

This release fixes a major bug in the AsymmetricJwtAuthenticationProvider which rejects valid JWT signed requests if it cannot find an installed Atlassian host in the database. Instead, this fix changes the authentication behavior in the AsymmetricJwtAuthenticationProvider such that it will return Option[AtlassianHostUser] and not fail if no host could be found in the database.

At the same time AtlassianHostUserAction has been replaced and split it into AsymmetricallySignedAtlassianHostUserAction, SymmetricallySignedAtlassianHostUserAction and JwtAction.

App controller endpoints that expect Atlassian JWT signed requests must now use the new framework action format:

atlassianHostUserAction.authenticateWith(qshProvider) where atlassianHostUserAction can either be an instance of SymmetricallySignedAtlassianHostUserAction or AsymmetricallySignedAtlassianHostUserAction. As asymmetric JWTs are currently only used for app lifecycle hooks, apps typically only use SymmetricallySignedAtlassianHostUserAction.

qshProvider should refer to an instance of either CanonicalHttpRequestQshProvider for dynamically computed HTTP request QSH values, or ContextQshProvider if the app endpoint expects static context QSH values.