Dear Atlassian Support Team,
We are currently experiencing an issue with the new GitHub-for-JIRA plugin integration, which is intended to replace the deprecated DVCS plugin. During our testing in a non-production environment, we observed that the integration fails at the OAuth token exchange step.
Specifically, the plugin attempts to call the /login/oauth/access_token endpoint using the GET method. However, our AWS perimeter firewall is configured to only allow POST requests to this endpoint, in alignment with GitHub’s OAuth implementation and industry best practices.
This behavior was confirmed through detailed log analysis, which showed that the token request is being blocked at the firewall level due to the use of the GET method.
We have reviewed the GitHub-for-JIRA GitHub repository and noted that both automated and manual integration flows appear to use the same GET method for token exchange. Given this, we would like to request the following clarifications and support: Can the plugin be updated to use POST instead of GET for the token exchange step? (https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps)
We aim to ensure full compatibility with our security policies and would appreciate your guidance on how best to proceed.
Thank you for your support.
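A check of the kind the log analysis above describes, as an added example that is not part of the original post or the plugin's code: it scans proxy-style log lines for requests to /login/oauth/access_token, reports any that are not POST, and, going slightly beyond the post, notes whether client_secret or code appear in the URL, where a firewall or proxy would write them into its logs. The log layout, the sample lines and the audit_token_requests name are constructed assumptions, not a real AWS firewall format.

```python
import re
from urllib.parse import urlsplit, parse_qs

TOKEN_PATH = "/login/oauth/access_token"   # endpoint named in the post
SENSITIVE = {"client_secret", "code"}      # OAuth parameters that should stay out of URLs

# Assumed log layout (constructed for this example):
#   <timestamp> <ALLOW|BLOCK> <METHOD> <url>
LINE_RE = re.compile(r"^(\S+)\s+(ALLOW|BLOCK)\s+([A-Z]+)\s+(\S+)$")

# Constructed sample input with placeholder values only.
SAMPLE_LOG = """\
2025-01-01T10:00:01Z BLOCK GET https://github.com/login/oauth/access_token?client_id=EXAMPLE_ID&client_secret=EXAMPLE_SECRET&code=EXAMPLE_CODE
2025-01-01T10:00:05Z ALLOW POST https://github.com/login/oauth/access_token
2025-01-01T10:00:09Z ALLOW GET https://github.com/login/oauth/authorize?client_id=EXAMPLE_ID
not a log line
"""


def audit_token_requests(log_text):
    """Return one finding per request to the token endpoint."""
    findings = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # skip lines that do not follow the assumed layout
        timestamp, action, method, url = match.groups()
        parts = urlsplit(url)
        if parts.path.rstrip("/") != TOKEN_PATH:
            continue  # only the token exchange step is of interest
        query = parse_qs(parts.query, keep_blank_values=True)
        findings.append({
            "time": timestamp,
            "action": action,
            "method": method,
            # The firewall rule in the post permits POST only.
            "policy_ok": method == "POST",
            # Parameters carried in the URL end up in access logs.
            "params_in_url": sorted(SENSITIVE.intersection(query)),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_token_requests(SAMPLE_LOG):
        print(finding)
```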
Hi, @dirk_frerichs 👋
Thanks for sharing such a detailed description of the issue - it’s clear you’ve done a thorough analysis. Just a quick note: this community forum is primarily for peer-to-peer help and may not be monitored by Atlassian’s support or product engineering teams.
For something as technical and specific as OAuth method behavior in the GitHub-for-Jira integration, I strongly recommend raising a support ticket directly with Atlassian here: 👉 https://support.atlassian.com/contact