Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,463,372
Community Members
 
Community Events
176
Community Groups

Is it possible to get an authentication token through OAuth 2.0 using an app password?

I am trying to let users of my application post issues directly to a repository. To do this, I have set up an account for the application that also has access to the repository. Before creating an issue we need to get an authentication token as per this article. I am looking to use the OAuth2.0 Password grant type and the password I wish to use is my app password as opposed to my actual password. This is because with the app password I can manage the scope of access that the password has and if it were to get exposed it does not pose a major security risk. 

 

Is this at all possible or should I be going about this in another way altogether?  

2 answers

1 accepted

1 vote
Answer accepted
Caroline R Atlassian Team Jan 06, 2022

Hi, @argentum47

Thank you for reaching out to Atlassian Community!

When creating an OAuth, you shouldn’t inform your password or an app password, so I would like to clarify where you are using a password. In case you would like to read the process to create an OAuth, you can access the following link:

What you could do is use an App password to authenticate this request instead of an OAuth.

Please feel free to correct me in case I have misunderstood something here.

Kind regards,
Caroline

Hi, @Caroline R 

 

As per the link you sent, I'm using one of the four RFC-6749 grant flows, specifically the password grant type. I'm realizing now that If I'm to use the app password, I can't use it to get the OAuth token but I should be using basic authentication instead.

 

Thank you for the assistance!

0 votes
Vishwas Rising Star Jan 06, 2022

Hi @argentum47 

I believe the purpose of creating Oauth2.0 token is to use this as password instead of actual password in other applications so that it reduces to login over and again.

 Regards,

Vishwas

Hi @Vishwas ,

 

I realize now that using the App Password and Basic authentication is what I need to do.  Using an Oauth2.0 token wouldn't work for my use case as it expires. 

 

Thank you for your insight!

Like Vishwas likes this

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events