Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Atlassian Connect Addon and Session Management (ACE)

Lutz Bliska
Lutz Bliska January 31, 2017

We try to implement an add-on with ACE. The add-on needs to consume an 3rd party REST API.

To logon to the 3rd party REST API it needs specific user / password credentials. If the logon successful, an cookie sessionid will be created and this sessionid needs to pass for each request to the 3rd party REST API in the request header.

The idea is that the user needs to login over the login dialog inside the add-on and the cookie sessionid and other 3rd party REST API user specific information should me stored in confluence user profile properties.

That means the add-on needs to be handle multiuser-sessions and run on serveral conflucence instance.

How can i do that ?

Watch
Like Be the first to like this
867 views

2 answers

1 accepted

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

1 vote
Answer accepted
James Hazelwood
James Hazelwood
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 7, 2017

Hi @Lutz Bliska,

This is the sort of situation where OAuth 2 would be very useful, but I'm assuming this 3rd party service doesn't offer it.

I think you'd need to ask the user for their login / password then pass them on to the service on their behalf, and store the cookie in the user entity properties and / or some kind of caching service like memcached or redis. You won't be able to intercept the cookie if the user logs in directly, because that's the exact sort of thing browsers and web protocols are designed to prevent.

The fact that you're doing it for several confluence instances shouldn't matter, as long as you're using some kind of unique identifier for storing the cookies.

It's more a question of your specific app's needs and architecture, but I hope those rough guidelines help.

 

Cheers,

James

 

View More Comments
Lutz Bliska
Lutz Bliska February 7, 2017

Hi @James Hazelwood 

Thank you for your support. 

Yes James, you are right , there is no OAuth 2 service available on the 3rd party side. 

Are the user entity properties also available for confluence add-ons based on ACE ?

Beacuse in the docs they are listed under JIRA section https://developer.atlassian.com/static/connect/docs/latest/modules/jira/entity-property.html

In case yes, do they have any limitations like max 100 entity properties available ? Or this kind of entity properties available per atlassian-user ?

So when the add-on will be used by 101 atlassian-user  at the same time it won't be crash somewhere ?

 

At least can you please provide me an example/documentation how to implement some kind user-specifc entity propertiy

Thank you once again

Like
Lutz Bliska
Lutz Bliska February 7, 2017

One additional question:

how do i test the session handling ? because i can only have one free user in my confluence-dev instance. Regards

Like
James Hazelwood
James Hazelwood
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 8, 2017

Ah, you're right I'm afraid, user properties are only supported in JIRA at the moment, so you'll probably need to use your own datastore / caching service. As long as you include the clientkey of the host, you won't need to worry about collisions between users with matching names on different hosts.

As for testing the session handling, dev instances provide:

  • 5 JIRA Software / Core users
  • 5 Confluence Users
  • 1 Service desk agent

So you've got multiple users to test with.

Happy developing!

James

 

Like
Reply
0 votes
Lutz Bliska
Lutz Bliska February 7, 2017

Hi @James Hazelwood, may be do you have an idea of this issue ? Regards

Reply
Atlassian logo
Answers Developer Questions
TAGS
AUG Leaders

Atlassian Community Events

    See all events