@Override public void issueSharedSecret(@Nonnull ApplicationLink applicationLink, @Nonnull String path) throws JwtRegistrationFailedException { // generate secure shared secret String sharedSecret = SecretGenerator.generateUrlSafeSharedSecret(SigningAlgorithm.HS256); Object addOnKey = applicationLink.getProperty(ADD_ON_ID_PROPERTY_NAME); if (null == addOnKey) { throw new JwtRegistrationFailedException( String.format( "Application link '%s' has no '%s' property. It should have been set during add-on installation! Please reinstall the add-on.", applicationLink.getId(), ADD_ON_ID_PROPERTY_NAME)); } // pass shared secret to peer try { applicationLink .createAuthenticatedRequestFactory(Anonymous.class) .createRequest(Request.MethodType.POST, path) .addRequestParameters( "myId", hostApplication.getId().get(), "yourId", addOnKey.toString(), "secret", sharedSecret) .execute( new ResponseHandler<Response>() { @Override public void handle(Response response) throws ResponseException { if (!response.isSuccessful()) { throw new ResponseException( "Registration failed, received " + response.getStatusCode() + " " + response.getStatusText() + " from peer."); } } }); } catch (ResponseException e) { throw new JwtRegistrationFailedException(e); } catch (CredentialsRequiredException e) { // will not happen with an Anonymous authentication provider throw new IllegalStateException(e); } // store the shared secret on the application link applicationLink.putProperty(SHARED_SECRET_PROPERTY_NAME, sharedSecret); }