Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Creating Forge app with oauth 2 3LO instead of an API token

Pierre Ibrahim
Contributor
July 10, 2026

Hello,

I'm gonna preface this with saying I'm very new to forge development (never used it before) and not a programmer in general. With that out of the way, I'm wanting to make a small forge app to index JIRA space properties so I can use them in JQL.

Context for wanting to do this is I was using a third party plugin that allows creating JIRA project properties and the properties created through that plugin are automatically indexed and JQL-able. That plugin was free when I was testing it in my sandbox environment, however it is now a paid plugin. I am trying to recreate just the indexing portion of this to see if I can do it without buying the plugin.

My vision for this is I'm wanting to create three JIRA space properties and populate them for every space in my JIRA cloud instance. I've already defined what my properties should be, how I intend to populate them for the initial push via REST API (already have the code written there), and how to manage them ongoing via JIRA automation rules (also written).

My research has led me to the conclusion that the only way to get these space properties (without a third party plugin) indexed so they can be used in JQL is through a Connect or Forge app, I also understand Atlassian is moving away from Connect altogether in favor of forge.

With all that said, IT had instructed me to use OAuth 2.0 (3LO) (https://developer.atlassian.com/cloud/jira/software/oauth-2-3lo-apps/) instead of an API token directly (https://developer.atlassian.com/platform/forge/getting-started/) that the tutorial linked points to using.

I can't find instructions on using this type of authentication as opposed to an API token for creating the app, and I think the OAuth 2.0 is only for API calls made by the app AFTER it's created. Am I misunderstanding this? Can anyone point me to how this can be accomplished if I'm mistaken please?

Also if there's a way to avoid the forge app altogether and index the space properties via Rest API or Scriptrunner, I'll go for that.

Thanks in advance for any guidance,

Pierre

2 answers

0 votes
Germán Morales
Atlassian Partner
July 11, 2026

Hi @Pierre Ibrahim , to add to zoltanersek's answer: you're not misunderstanding OAuth 2.0 3LO, you're right that it's for calls made after the app exists, and it doesn't even apply here. The API token the getting started tutorial points to is only for "forge login", authenticating the CLI to your own Atlassian account while you develop and deploy. It has nothing to do with how the deployed app talks to Jira at runtime. At runtime a Forge app uses the built in asApp/asUser bridge (requestJira), which Atlassian authenticates for you, no OAuth flow to build yourself. 3LO is for a separate, standalone app calling the Cloud REST API directly from its own server, which isn't your case.

Your research is also correct that this needs a Forge or Connect app specifically. Indexing a property for JQL is done through the jira:entityProperty manifest module, there's no REST endpoint or ScriptRunner path that registers that indexing, it has to be declared in an app's manifest.

  • Set entityType to "project" for each of your 3 properties.
  • Give each a propertyKey matching what you're already writing via REST API, list the fields you want searchable under values with their type and a searchAlias.
  • Query them in JQL with project.yourAlias = value.

Since you're already populating and maintaining the properties yourself through REST API and automation rules, the Forge app itself can be just this manifest declaration, no request code, no auth logic needed inside it at all.

0 votes
zoltanersek _outpostlabs_dev_
Atlassian Partner
July 10, 2026

if your Forge app needs to call Atlassian APIs on behalf of a user, you would typically use Forge's built-in auth (requestJira) rather than implementing OAuth 2.0 (3LO) yourself. 3LO is mainly for external applications, not for authenticating a Forge app to Atlassian.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin Site Admin
TAGS
AUG Leaders

Atlassian Community Events