Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

3rd party gadget requires authorization for each Jira user

Alex_Henderson
Alex_Henderson
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 7, 2011

When adding a 3rd party gadget to my Jira dashboard (one I have built myself), it prompts me for my credentials as part of a 3-legged OAuth authorization - I login, authorize the gadget, and can then see protected data from the 3rd party app.

But if I then share that dashboard in Jira, other users when viewing the dashboard are prompted to authenticate before they can see the data as well - they can't use the OAuth access token associated with my authorizing the gadget.

This causes issues as not all those users will have a valid login/password to the 3rd party system where the data is being retrieved from.

How can I authorize a 3rd party gadget once and have the OAuth access token shared by all Jira users, is there something I can change in the gadget spec perhaps?

Watch
Like Colin Goudie likes this
818 views

1 answer

1 accepted

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

0 votes
Answer accepted
Jeremy Largman
Jeremy Largman
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 23, 2012

This is just the way gadgets work out of the box. Think about iGoogle (or, I suppose, imagine if you could share your iGoogle dashboard) - everyone has to have their own credentials, unless it's static content.

Having said that, you can indeed rewrite the gadget spec and hard-code authentication credentials. Obviously, that's not ideal; it's not meant to work that way. Your creds would be fairly exposed that way.

Basically, the point is, if the source is password-protected, then whoever's viewing it needs a password.

Reply
Atlassian logo
Answers Developer Questions
TAGS
AUG Leaders

Atlassian Community Events

    See all events