Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
Level
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Jira Automation Webrequest REST API Authorization

Currently I am trying to create a REST API webrequest between 2 Jira Instances and I want to use OAuth in order to authenticate the request. From what I've seen in the community and through my own testing, it seems that only Basic authentication has been used. Does automation allow for other types of authentication and if so, how would I use OAuth 1.0 authentication within the webrequest action? 

1 answer

1 accepted

1 vote
Answer accepted
Sam Harding Atlassian Team Mar 07, 2021

Hi @Alex Fang 

At this time, Automation for Jira does not provide OAuth integration out of the box. It is technically possible to set up OAuth using webhook triggers and actions, by manually performing the relevant OAuth steps (ie, fire off a web request to your OAuth provider's Authorization end point, with the redirect url pointing at another rule setup to listen on an incoming webhook, then from there hit the OAuth grant endpoint etc). This is very involved though, and is not really recommended, as it is complicated and somewhat brittle. Alternatively, you could manually generate an OAuth bearer token yourself, and configure rules to use that bearer token in your Authorization http header when making web requests. However, in that situation, users who have access to see the rule configuration would also be able to see the bearer token credentials.

Neither of these solutions are ideal, and so we consider Automation for Jira to not support OAuth at the moment. It is something we are aware of, and are actively looking at solutions for this problem.

Cheers

Sam

Thanks for the quick and informational response!

Another thing I am wondering is how you can set up an OAuth connection between 2 Jira Server Instances. I tried following the steps described in  https://developer.atlassian.com/server/jira/platform/oauth/ but im not sure how to aquire the consumer key of the target Jira instance and what steps and actions to take in order to authorize our target as there is no dedicated jar or commands to obtain the request and access tokens.

Sam Harding Atlassian Team Mar 08, 2021

Hi @Alex Fang 

The consumer key is a secret passphrase you generate for your consumer. In many OAuth flow descriptions this is referred to as "Client Secret". You can set this to be whatever secret value you would like (but it is recommended to use a strong passphrase generator for this purpose).

Once you have configured the Incoming Authentication for the OAuth consumer, then you need to have some client code to do the OAuth flow. There are multiple libraries out there for OAuth in various languages, but Atlassian provides a sample repository for this purpose here https://bitbucket.org/atlassianlabs/atlassian-oauth-examples/src/master/. Following the steps in the readme of that repository (and then the readme in the directory of the language you which to use) should prompt you to initialise the OAuth flow for you user.

Cheers

Sam

Hi @Sam Harding ,

Thanks once again for the helpful response. I was just wondering in regards to your first response "Alternatively, you could manually generate an OAuth bearer token yourself, and configure rules to use that bearer token in your Authorization http header when making web requests." I'm not quite sure how to do this as I'm quite new to OAuth. Is there any documentation on it?

-Alex

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira Automation

Announcing the Jira automation template library!

Hi all,  After many months of work, I am delighted to announce the launch of the Jira Automation Template Library!  The Template Library is a new website dedicated to all things Jira au...

1,007 views 17 26
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you