Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Feature request: OAuth2 support for activity feed endpoint

Tommi Palomäki October 20, 2023

Background

Atlassian platform provides an activity feed endpoint at https://<myorganization>.atlassian.net/activity. Even if it's not based on the most up-to-date technology it's still the only way to access user's activity programmatically. The endpoint is documented here.

The activity feed endpoint can be accessed by the browser when atlassian.net session is valid. Also, the feed can be accessed with the help of API tokens (that can be configured here).

However, the activity endpoint cannot be accessed with OAuth2-acquired access token. There is no scope for it and even if the token had been granted wide scope access the activity feed shows no activity (just like it shows with no authentication at all).

 

Feature Request

Please add a new granular scope that can be configured at developer.atlassian.com and acquired via OAuth2 flow so that the access code can then be used to fetch activity feed at https://<myorganization>.atlassian.net/activity with the user's rights.

The current option to use API token is not good from the security point of view. External applications should utilize OAuth2 flow and it should enable the application to access activity feed.

 

2 answers

1 accepted

0 votes
Answer accepted
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 17, 2023

Hello @Tommi Palomäki 

If you really think it would be a good idea for Atlassian to add OAuth 2.0 for that endpoint, log that as a Feature Request. The request would probably need to be in the Atlassian Ecosystem section.

Also, by "wide scope access" are you inferring a scope that would allow the lookup of the activity of all users within an organisation using, say, a Jira Admin's credentials? I don't think that's likely to be considered.

0 votes
Tommi Palomäki April 25, 2024

Thank you @David Bakkers . I created a feature request as you suggested, https://jira.atlassian.com/projects/ECO/issues/ECO-257.

David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 26, 2024

Nice work!

I voted for it but, not to put a damper on your efforts, it's a very obscure part of Atlassian's infrastructure that's really a relic from the old days of Jira/ Confluence when they had XML - RPC APIs. I'd be surprised if more that 6 people on the planet care if it obtained OAuth 2.0 security or not and voted for your Feature Request :)

If I were in Atlassian's position, I'd replace that whole endpoint with a new one that returned JSON, not XML, and make it part of the Cloud Admin REST API collection.

Anyhow, good luck.

Tommi Palomäki April 26, 2024

Yep, agreed. I would really much appreciate a modern REST endpoint for fetching the activity feed. The old relic is also very slow and difficult to filter with the query.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events