You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
With Basic Auth, the user credentials are passed with every request thus requiring TLS on every connection to keep that password from being passed in the clear. In the case of Jira Align, the credentials are stored on the Jira Align side and passed in each REST API request as mentioned previously.
OAuth requires the "OAuth dance" (3LO) to be completed so that Jira Align retrieves the access token as a result. The access token is sent in every REST API call via TLS as opposed to a username/password. This token can be revoked from the Jira side at any time and require another OAuth 3 Step handshake to take place to retrieve another token. By default, OAuth Access Tokens expire at 5 years. However, the token can be revoked manually at any time by going to Profile > Tools > View OAuth Access Tokens in Jira Server or Data Center or Personal Jira Settings > Manage Apps in Jira Cloud.
The username and password (or username + API Key) are combined and Base64 encoded and placed in the header.
Basic Auth is used in conjunction with HTTPS per recommendation of RFC 7617 and Jira Align Security Policies. The data is encrypted in transit to the TLS termination endpoint via TLS 1.2 ECDHE ciphers.
1A) Jira Service Account Username will be entered into the Jira Username field and Jira Service Account Password (or API Token) goes in the API Token/Jira Password field.
1B) For API Token Based Proxies that accept Basic Auth, you can enter any username in the Jira Username field and the Proxy’s API Token in the API Token/Jira Password field.
Jira Align Connector Setup – Basic Auth:
The OAuth 1.0a implementation for Jira Align is designed to setup this OAuth 1.0a Authentication between Jira Align and Jira Software. Jira Align will not utilize OAuth 1.0a in any other manner.
Create a request for Jira Align to obtain a request token.
Have the user authenticate, and send Jira Align a request token.
Convert the request token into a usable user access token.
See this article for more info: Jira REST API Example OAuth Authentication
Jira Align Connector Setup – OAuth 1.0a:
Admin > Connectors > Jira Settings > Jira Connectors
This field can be filled in with any descriptive label. Spaces and symbols will cause issues during setup so do not use these.
This is generated by Jira Align and used as part of the OAuth 3 Step Setup Process.
For specific step-by-step instructions of setting up OAuth 1.0a in both Jira Align and Jira Software, please see 1 of the 2 following articles:
Jira Align to Jira Server/Data Center Connectivity - Quick Guide
Jira Align to Jira Cloud Connectivity - Quick Guide
Jira Server OAuth
Network & Security Solutions Architect