Currently I am trying to create a REST API webrequest between 2 Jira Instances and I want to use OAuth in order to authenticate the request. From what I've seen in the community and through my own testing, it seems that only Basic authentication has been used. Does automation allow for other types of authentication and if so, how would I use OAuth 1.0 authentication within the webrequest action?
Hi @Alex Fang
At this time, Automation for Jira does not provide OAuth integration out of the box. It is technically possible to set up OAuth using webhook triggers and actions, by manually performing the relevant OAuth steps (i.e., fire off a web request to your OAuth provider's Authorization endpoint, with the redirect URL pointing at another rule set up to listen on an incoming webhook, then from there hit the OAuth grant endpoint etc). This is very involved though, and is not really recommended, as it is complicated and somewhat brittle. Alternatively, you could manually generate an OAuth bearer token yourself, and configure rules to use that bearer token in your Authorization HTTP header when making web requests. However, in that situation, users who have access to see the rule configuration would also be able to see the bearer token credentials.
Neither of these solutions is ideal, and so we consider Automation for Jira to not support OAuth at the moment. It is something we are aware of, and are actively looking at solutions for this problem.
Cheers
Sam
Thanks for the quick and informational response!
Another thing I am wondering is how you can set up an OAuth connection between 2 Jira Server Instances. I tried following the steps described in https://developer.atlassian.com/server/jira/platform/oauth/ but I'm not sure how to acquire the consumer key of the target Jira instance and what steps and actions to take in order to authorize our target as there is no dedicated jar or commands to obtain the request and access tokens.
Hi @Alex Fang
The consumer key is a secret passphrase you generate for your consumer. In many OAuth flow descriptions this is referred to as "Client Secret". You can set this to be whatever secret value you would like (but it is recommended to use a strong passphrase generator for this purpose).
Once you have configured the Incoming Authentication for the OAuth consumer, then you need to have some client code to do the OAuth flow. There are multiple libraries out there for OAuth in various languages, but Atlassian provides a sample repository for this purpose here https://bitbucket.org/atlassianlabs/atlassian-oauth-examples/src/master/. Following the steps in the readme of that repository (and then the readme in the directory of the language you wish to use) should prompt you to initialise the OAuth flow for your user.
Cheers
Sam
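The request-signing step that client code for the OAuth 1.0a flow has to perform, as an added example that is not part of the thread or of Atlassian's sample repository. Jira Server's OAuth uses the RSA-SHA1 signature method, so each request is signed with a private key that stays on the consumer while the target verifies with the public key. The host name, consumer key, nonce, timestamp and key pair are constructed for illustration, and the helper names are hypothetical.

```javascript
const crypto = require('node:crypto');

// RFC 5849 section 3.6 percent-encoding (stricter than encodeURIComponent).
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Signature base string: METHOD & base URI & sorted, encoded parameters.
// Query-string parameters are signed too, and end up percent-encoded twice.
function baseString(method, url, params) {
  const u = new URL(url);
  const pairs = [...u.searchParams, ...Object.entries(params)]
    .map(([k, v]) => [enc(k), enc(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => `${k}=${v}`);
  return [method.toUpperCase(), enc(u.origin + u.pathname), enc(pairs.join('&'))].join('&');
}

// Sign the base string with the consumer's private key and build the header.
function signRequest(method, url, oauth, privateKey) {
  const params = { ...oauth, oauth_signature_method: 'RSA-SHA1', oauth_version: '1.0' };
  const base = baseString(method, url, params);
  const signature = crypto.createSign('RSA-SHA1').update(base).sign(privateKey, 'base64');
  const header = 'OAuth ' + Object.entries({ ...params, oauth_signature: signature })
    .map(([k, v]) => `${enc(k)}="${enc(v)}"`).join(', ');
  return { base, signature, header };
}

// What the target does on receipt: rebuild the base string, check the signature.
function verify(base, signature, publicKey) {
  return crypto.createVerify('RSA-SHA1').update(base).verify(publicKey, signature, 'base64');
}

// Constructed sample: throwaway key pair, placeholder host, fixed nonce/timestamp.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const TOKEN_URL = 'https://jira-target.example.com/plugins/servlet/oauth/request-token';
const signed = signRequest('POST', TOKEN_URL, {
  oauth_consumer_key: 'automation-consumer',
  oauth_callback: 'oob',
  oauth_nonce: 'n0nce-constructed',
  oauth_timestamp: '1700000000',
}, privateKey);
console.log(signed.header);
console.log('verifies with public key:', verify(signed.base, signed.signature, publicKey));
```

In real use the nonce must be unique per request and the timestamp current; they are fixed here only so the output is reproducible.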
Hi @Sam Harding ,
Thanks once again for the helpful response. I was just wondering in regards to your first response "Alternatively, you could manually generate an OAuth bearer token yourself, and configure rules to use that bearer token in your Authorization http header when making web requests." I'm not quite sure how to do this as I'm quite new to OAuth. Is there any documentation on it?
-Alex
Hi team,
Any update on this OAuth feature for Jira automation?