Error: Received bad response from the server while requesting https://addons.mozilla.org/api/v3/addons/%40ffe/versions/1.0.0/ status: 401 response: {"detail":"Unknown JWT iss (issuer)"}

Hi, I created my first add-on, and now I want to sign it, so my friends can use it.
I don’t want to upload my extension to mozilla store.

When I run this command inside add-on folder:
jpm sign --api-key ${user:*******:***} --api-secret ${**************************************************************}

i get this error:

> JPM [info] Created XPI for signing: C:\Users\STEFAN~1\AppData\Local\Temp\tmp-unsigned-xpi-5168BFT2GMmLtNlm\@ffe-1.0.0.xpi
> JPM [error] FAIL
> Error: Received bad response from the server while requesting https://addons.mozilla.org/api/v3/addons/%40ffe/versions/1.0.0/

> status: 401
> response: {"detail":"Unknown JWT iss (issuer)"}
> headers: {"allow":"GET, PUT, HEAD, OPTIONS","content-security-policy":"script-src 'self' https://addons.mozilla.org https://www.paypalobjects.com https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.google-analytics.com https://addons.cdn.mozilla.net; default-src 'self'; img-src 'self' data: blob: https://www.paypal.com https://ssl.google-analytics.com https://addons.cdn.mozilla.net https://static.addons.mozilla.net https://ssl.gstatic.com/ https://sentry.prod.mozaws.net; media-src https://videos.cdn.mozilla.net; style-src 'self' 'unsafe-inline' https://addons.cdn.mozilla.net; frame-src 'self' https://ic.paypal.com https://paypal.com https://www.google.com/recaptcha/ https://www.paypal.com; object-src 'none'; connect-src 'self' https://sentry.prod.mozaws.net; font-src 'self' https://addons.cdn.mozilla.net; report-uri /__cspreport__","content-type":"application/json","date":"Tue, 15 Mar 2016 22:27:05 GMT","server":"nginx","set-cookie":["multidb_pin_writes=y; expires=Tue, 15-Mar-2016 22:27:20 GMT; Max-Age=15; Path=/"],"strict-transport-security":"max-age=31536000","vary":"X-Mobile, User-Agent","www-authenticate":"JWT realm=\"api\"","x-content-type-options":"nosniff","x-frame-options":"DENY","x-xss-protection":"1; mode=block","content-length":"38","connection":"Close"}

> at C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\lib\amo-client.js:92:13
> at tryCatchReject (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\makePromise.js:845:30)
> at runContinuation1 (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\makePromise.js:804:4)
> at Fulfilled.when (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\makePromise.js:592:4)
> at Pending.run (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\makePromise.js:483:13)
> at Scheduler._drain (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\Scheduler.js:62:19)
> at Scheduler.drain (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\Scheduler.js:27:9)
> at doNTCallback0 (node.js:419:9)
> at process._tickCallback (node.js:348:13)

What am I doing wrong? I just need to let my friends use this extension without using developer’s version of firefox or turning some safety flags off, so they can install it with simple XPI. Thanks in advance.

Maybe @kumar303 knows?

I found out, the problem was that i haven’t removed ${}.
But now I get different error:

JPM [error] FAIL
Error: Received bad response from the server while requesting https://addons.mozilla.org/api/v3/addons/%40ffe/versions/1.0.0/

status: 401
response: {"detail":"Signature has expired."}
headers: {"allow":"GET, PUT, HEAD, OPTIONS","content-security-policy":"script-src 'self' https://addons.mozilla.org https://www.paypalobjects.com https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.google-analytics.com https://addons.cdn.mozilla.net; default-src 'self'; img-src 'self' data: blob: https://www.paypal.com https://ssl.google-analytics.com https://addons.cdn.mozilla.net https://static.addons.mozilla.net https://ssl.gstatic.com/ https://sentry.prod.mozaws.net; media-src https://videos.cdn.mozilla.net; style-src 'self' 'unsafe-inline' https://addons.cdn.mozilla.net; frame-src 'self' https://ic.paypal.com https://paypal.com https://www.google.com/recaptcha/ https://www.paypal.com; object-src 'none'; connect-src 'self' https://sentry.prod.mozaws.net; font-src 'self' https://addons.cdn.mozilla.net; report-uri /__cspreport__","content-type":"application/json","date":"Fri, 18 Mar 2016 23:59:27 GMT","server":"nginx","set-cookie":["multidb_pin_writes=y; expires=Fri, 18-Mar-2016 23:59:42 GMT; Max-Age=15; Path=/"],"strict-transport-security":"max-age=31536000","vary":"X-Mobile, User-Agent","www-authenticate":"JWT realm=\"api\"","x-content-type-options":"nosniff","x-frame-options":"DENY","x-xss-protection":"1; mode=block","transfer-encoding":"chunked","connection":"Close"}

    at C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\lib\amo-client.js:92:13
    at tryCatchReject (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\makePromise.js:845:30)
    at runContinuation1 (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\makePromise.js:804:4)
    at Fulfilled.when (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\makePromise.js:592:4)
    at Pending.run (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\makePromise.js:483:13)
    at Scheduler._drain (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\Scheduler.js:62:19)
    at Scheduler.drain (C:\Users\stefanmarkovic\AppData\Roaming\npm\node_modules\jpm\node_modules\when\lib\Scheduler.js:27:9)
    at doNTCallback0 (node.js:419:9)
    at process._tickCallback (node.js:348:13)

Search the github issues pages, lots of them can be solved here - https://github.com/mozilla/olympia/issues/1071

If you want to see some working code in javascript I do so in my addon here - https://github.com/Noitidart/Chrome-Store-Foxified/blob/master/modules/MainWorker/MainWorker.js#L140

That goes through the whole process of signing it, in javascript.

I can’t find a solution for this… Is there anyone willing to sign my really simple extension for me? I would send my code…

Nevermind, i did it through website, didnt know there’s that option too. You can lock this topic.

Yep you just uploaded it as “Unlisted” correct?

Yes