Currently I am trying to create a REST API webrequest between 2 Jira Instances and I want to use OAuth in order to authenticate the request. From what I've seen in the community and through my own testing, it seems that only Basic authentication has been used. Does automation allow for other types of authentication and if so, how would I use OAuth 1.0 authentication within the webrequest action?
Hi @Alex Fang
At this time, Automation for Jira does not provide OAuth integration out of the box. It is technically possible to set up OAuth using webhook triggers and actions, by manually performing the relevant OAuth steps (ie, fire off a web request to your OAuth provider's Authorization end point, with the redirect url pointing at another rule setup to listen on an incoming webhook, then from there hit the OAuth grant endpoint etc). This is very involved though, and is not really recommended, as it is complicated and somewhat brittle. Alternatively, you could manually generate an OAuth bearer token yourself, and configure rules to use that bearer token in your Authorization http header when making web requests. However, in that situation, users who have access to see the rule configuration would also be able to see the bearer token credentials.
Neither of these solutions are ideal, and so we consider Automation for Jira to not support OAuth at the moment. It is something we are aware of, and are actively looking at solutions for this problem.
Thanks for the quick and informational response!
Another thing I am wondering is how you can set up an OAuth connection between 2 Jira Server Instances. I tried following the steps described in https://developer.atlassian.com/server/jira/platform/oauth/ but im not sure how to aquire the consumer key of the target Jira instance and what steps and actions to take in order to authorize our target as there is no dedicated jar or commands to obtain the request and access tokens.
Hi @Alex Fang
The consumer key is a secret passphrase you generate for your consumer. In many OAuth flow descriptions this is referred to as "Client Secret". You can set this to be whatever secret value you would like (but it is recommended to use a strong passphrase generator for this purpose).
Once you have configured the Incoming Authentication for the OAuth consumer, then you need to have some client code to do the OAuth flow. There are multiple libraries out there for OAuth in various languages, but Atlassian provides a sample repository for this purpose here https://bitbucket.org/atlassianlabs/atlassian-oauth-examples/src/master/. Following the steps in the readme of that repository (and then the readme in the directory of the language you which to use) should prompt you to initialise the OAuth flow for you user.
Hi @Sam Harding ,
Thanks once again for the helpful response. I was just wondering in regards to your first response "Alternatively, you could manually generate an OAuth bearer token yourself, and configure rules to use that bearer token in your Authorization http header when making web requests." I'm not quite sure how to do this as I'm quite new to OAuth. Is there any documentation on it?
Hi, Jira users! Do you use Jira alongside Microsoft Teams? We want to hear how you’ve used the power of Jira Cloud and Microsoft Teams (via the Jira Cloud for Microsoft Teams app) to achieve a team...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events