You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
Hey guys, got an interesting question.
So, I configured an external app with jira using OAuth. I followed the oauth procedures from Atlassian and everything works fine. My external app can communicate with my Jira instance no problem.
The thing is, when my external app creates a comment in a Jira ticket, its done under my name!
When I created the certificate for the OAuth, I did not specify an email address or my name. In fact, I did the whole OAuth process, linked above, using an virtual machine that did not know anything about me.
Is it because when I went to the temporary authorize page (Step 3) in documentation, I was logged in as me?
Is there a place I can set the incoming oauth connection to be a different name, like a service name instead of mine?
Thanks in advance,
Hello @Jason Jardina and welcome to the Community!
Per the instructions you linked,
This process is commonly known as theOAuth dance. Jira uses 3-legged OAuth (3LO), which means that the user is involved by authorizing access to their data on the resource (as opposed to 2-legged OAuth, where the user is not involved).
If you have an extra license to allocate to a generic user, or a generic licensed user account on your instance currently, you can follow the steps you just did but with that account. That would then result in the name of that account being associated with any actions that occur in Jira.
Hope this helps
Good catch. This is most likely the answer.
I think this is an artifact of accepting the authorization under my own account. I will go through the dance again and when I get to the step of accepting the authorization, I'll be sure to be logged in as a service agent instead of myself. I was under the impression it would use the certificate values or more likely, the application name under application links where I defined the oauth connection. I wouldn't mind if it just said OAuth or external application, but not my name on every comment organization wide. I don't want to be that popular in my organization. :D
I haven't worked exactly in this situation with OAuth, but I did run into something very similar with a different integration.
I had to generate an API Key, and that key was linked to my Jira user account - hence the integration using that key logged everything as me.
I solved the issue by using a service account to generate my keys going forward.
Recommended Learning For You
Level up your skills with Atlassian learning
Configure Jira Software, Jira Core, or Jira Service Management, including global settings, permissions, and schemes.
Managing Jira Projects Cloud
Learn to create and configure company-managed projects in Jira Software and partner effectively with Jira Admins.
Managing Permissions in Jira Cloud
Sharpen your skills at configuring and troubleshooting permissions in Jira Cloud with this free course.