Hi everyone,
I'm implementing OAuth 2.0 for a Jira Data Center application and have a question about how the client credentials work in a multi-user environment.
From what I understand, an OAuth provider is configured once in Jira Data Center, which generates a Client ID and Client Secret.
I would like to confirm the following:
I want to make sure my implementation follows the recommended best practices for Jira Data Center.
Thanks in advance for your help!
Hi @AutomationUIUser
Thanks for the question.
Based on my experience, I'd recommend configuring a single OAuth 2.0 application in Jira Data Center and using that for all users.
The Client ID and Client Secret belong to the application itself, so they're shared by everyone who authorizes it. Jira doesn't create a separate Client ID or Client Secret for each user.
What is unique to each user are the authorization code, access token, and refresh token. Each user needs to complete the OAuth authorization flow once, after which your application should securely store their tokens and use them for future requests on that user's behalf.
This is the standard OAuth 2.0 approach and is the one I'd recommend for a multi-user integration. Just make sure to keep the Client Secret on the server side and never expose it in client-side code.
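The pattern described in this answer, one shared Client ID/Secret and one set of tokens per user, as an added example (not code from this thread or from Atlassian). The token endpoint URL, the `now` parameter for deterministic expiry checks, and `fake_token_endpoint` are assumptions constructed so the example runs offline; the real integration would pass an HTTP POST function instead.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict

@dataclass(frozen=True)
class OAuthApp:  # the one application registered in Jira DC; its credentials are shared by every user
    client_id: str
    client_secret: str  # server-side only, never shipped in browser code
    token_url: str      # assumed endpoint URL, not taken from the thread
    redirect_uri: str

class MultiUserOAuth:
    def __init__(self, app: OAuthApp, post: Callable[[str, dict], dict]):
        self.app, self.post = app, post    # post() is injected so the example runs offline
        self.tokens: Dict[str, dict] = {}  # user_id -> {access_token, refresh_token, expires_at}: the per-user part
        self.pending: Dict[str, str] = {}  # state -> user_id; ties a callback to the user who started it

    def start(self, user_id: str) -> str:  # returns the state value to include in the authorize URL
        state = secrets.token_urlsafe(16)
        self.pending[state] = user_id
        return state

    def finish(self, state: str, code: str, now: float = None) -> str:
        """Callback handler: exchange this user's code using the shared app credentials."""
        user_id = self.pending.pop(state)  # unknown or replayed state raises KeyError
        self._store(user_id, self.post(self.app.token_url, {
            "grant_type": "authorization_code", "code": code, "redirect_uri": self.app.redirect_uri,
            "client_id": self.app.client_id, "client_secret": self.app.client_secret}), now)
        return user_id

    def access_token(self, user_id: str, now: float = None) -> str:
        """Return a usable token for this user, refreshing shortly before expiry."""
        now = time.time() if now is None else now
        tok = self.tokens[user_id]
        if now >= tok["expires_at"] - 30:
            self._store(user_id, self.post(self.app.token_url, {
                "grant_type": "refresh_token", "refresh_token": tok["refresh_token"],
                "client_id": self.app.client_id, "client_secret": self.app.client_secret}), now)
        return self.tokens[user_id]["access_token"]

    def _store(self, user_id: str, resp: dict, now: float) -> None:
        now = time.time() if now is None else now
        self.tokens[user_id] = dict(resp, expires_at=now + resp["expires_in"])

def fake_token_endpoint(url: str, form: dict) -> dict:
    """Constructed stand-in for the token endpoint: checks the shared secret, mints tokens from the grant."""
    if form["client_secret"] != "s3cret":
        raise PermissionError("invalid_client")
    seed = form.get("code") or form["refresh_token"]
    return {"access_token": f"at-{seed}", "refresh_token": f"rt-{seed}", "expires_in": 3600}
```

Two users authorize against the same `OAuthApp`, yet each ends up with their own tokens, and a state value cannot be replayed to bind a second callback to the same user.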