Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Jira Automation Webrequest REST API Authorization

Currently I am trying to create a REST API webrequest between 2 Jira Instances and I want to use OAuth in order to authenticate the request. From what I've seen in the community and through my own testing, it seems that only Basic authentication has been used. Does automation allow for other types of authentication and if so, how would I use OAuth 1.0 authentication within the webrequest action? 

2 answers

1 accepted

1 vote
Answer accepted
Sam Harding Atlassian Team Mar 07, 2021

Hi @Alex Fang 

At this time, Automation for Jira does not provide OAuth integration out of the box. It is technically possible to set up OAuth using webhook triggers and actions, by manually performing the relevant OAuth steps (ie, fire off a web request to your OAuth provider's Authorization end point, with the redirect url pointing at another rule setup to listen on an incoming webhook, then from there hit the OAuth grant endpoint etc). This is very involved though, and is not really recommended, as it is complicated and somewhat brittle. Alternatively, you could manually generate an OAuth bearer token yourself, and configure rules to use that bearer token in your Authorization http header when making web requests. However, in that situation, users who have access to see the rule configuration would also be able to see the bearer token credentials.

Neither of these solutions are ideal, and so we consider Automation for Jira to not support OAuth at the moment. It is something we are aware of, and are actively looking at solutions for this problem.



Thanks for the quick and informational response!

Another thing I am wondering is how you can set up an OAuth connection between 2 Jira Server Instances. I tried following the steps described in but im not sure how to aquire the consumer key of the target Jira instance and what steps and actions to take in order to authorize our target as there is no dedicated jar or commands to obtain the request and access tokens.

Sam Harding Atlassian Team Mar 08, 2021

Hi @Alex Fang 

The consumer key is a secret passphrase you generate for your consumer. In many OAuth flow descriptions this is referred to as "Client Secret". You can set this to be whatever secret value you would like (but it is recommended to use a strong passphrase generator for this purpose).

Once you have configured the Incoming Authentication for the OAuth consumer, then you need to have some client code to do the OAuth flow. There are multiple libraries out there for OAuth in various languages, but Atlassian provides a sample repository for this purpose here Following the steps in the readme of that repository (and then the readme in the directory of the language you which to use) should prompt you to initialise the OAuth flow for you user.



Hi @Sam Harding ,

Thanks once again for the helpful response. I was just wondering in regards to your first response "Alternatively, you could manually generate an OAuth bearer token yourself, and configure rules to use that bearer token in your Authorization http header when making web requests." I'm not quite sure how to do this as I'm quite new to OAuth. Is there any documentation on it?


Hi team, 

Any update on this oauth feature for jira automation? 

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events