Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

2 legged OAuth

Blanka Bouskova
Blanka Bouskova September 14, 2016

I'm developing a connection between our Java application and JIRA. I'm trying to use com.atlassian.jira.rest.client.api.AuthenticationHandler for it and it works fine. I want to be able to connect through 2 legged OAuth. But I'm not able to find out how to impersonate a user.

Could you help me please?

Watch
Like Volodymyr Krupach likes this
2537 views

2 answers

1 accepted

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

1 vote
Answer accepted
David Teague1
David Teague
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
September 19, 2016

The problem with your example of 4 years ago is JIRA (with version 7) I've found have removed the option to link the incoming link configuration for an OAuth client to an authorised JIRA user.

 

In other words, if you want 2LO (2 legged OAuth) to work - that is a trusted client app making calls to JIRA (without a user dynamnically authorising requests in the middle = 3 legged), you have no way to set the JIRA user the incoming application OAuth maps to.

I've posted this: https://answers.atlassian.com/questions/41817257

In the hope someone can help

Reply
1 vote
Volodymyr Krupach
Volodymyr Krupach
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 15, 2016

Hi Blanka,

See this tutorial: https://developer.atlassian.com/jiradev/jira-apis/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-oauth-authentication. I was able to follow it about 4 years ago when I was writing my very first JIRA integration addon and it went fine. As I know nothing changed for oauth so it should work for you as well.

View More Comments
Blanka Bouskova
Blanka Bouskova September 15, 2016

Hi Volodymyr,

thank you for your comment!

I have already used the net.oauth.core library. But I don't know how to impersonate a user. I mean I want to send JQL request to JIRA so that the results will respect permissions of another user.
I suppose I need to set some parameter at OAuthMessage. I have already tried to use these params: xoauth_requestor_id, user_id, oauth_user_id, xoauth_user_id, but without success.

I use JiraRestClientFactory and I proceeded according to Abbas Sarraf comment, you can see it below on this page. It works good. I only need to create requests as different users.

 

Like
Volodymyr Krupach
Volodymyr Krupach
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 15, 2016

I do not remember technical details but I suspect that it's not possible. You are authenticated under some user and requests are made under this user. If you need requests under other user then you need to authenticate again.

Like
Blanka Bouskova
Blanka Bouskova September 15, 2016

Thank you Volodymyr for your effort! I should probably create a new question and call it: How to impersonate a user. 

I hope someone knows how to do it.

Like
Blanka Bouskova
Blanka Bouskova September 22, 2016

Thank you @David Teague,

you are right. I found this documentation where they wrote: "Atlassian OAuth with impersonation can only be used for application links between Atlassian applications."
So there is no way how to do at the moment if you want to use REST API.

Like
David Teague1
David Teague
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
September 25, 2016

Cheers Blanka for following this up. I suspected as much.  I don't know why Atlassian removed 2-legged OAuth if they also removed Trusted applications.  There is now no "secure" way of calling the API without passing clear text credentials if you want to do system to system calls.

Like
Reply
Atlassian logo
Answers Developer Questions
TAGS
AUG Leaders

Atlassian Community Events

    See all events