Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira slack link escapes Chrome Profile sandbox

Nate Gallaher
Nate Gallaher
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 8, 2025

I have two Chrome Profiles set up on my desktop computer. One is for Work, and the other is for Personal.  Chrome profiles keep cookies, history, password managers, extensions, etc all separate from each other.   

This generally works for all websites that I've interacted with, with the exception of JIRA Cloud Slack links. If I click on a slack link for a project that only my Work profile should be able to read, but it's opened in my personal profile, I find that I am suddenly logged in to JIRA with my work email account, but in my Personal chrome profile which should not know anything about my work life.  I am guessing that JIRA Slack links with their `atlorigin` argument are somehow pre-authenticated as my user and cause the browser to skip the auth workflow.   I would like this to not be the case.

How can I ensure that JIRA links from slack go through the appropriate authentication?

This is not new behavior and has been ongoing for some years now across many Chrome and (I presume) JIRA Cloud updates.

Auth mechanism: Google integration
Chrome version: (currently) Version 131.0.6778.204 (Official Build) (64-bit)

Reproduction:

  1. Create two profiles in Chrome. (Profile A, Profile B)
  2. Open a browsing instance in one of each. (Instance A, Instance B)
  3. Have most recently had Instance A active.
  4. Open Slack with the Jira Cloud App connected.
  5. Open the Jira slack app entry and click on any JIRA issue link.
  6. See that the link is opened in Instance A.
  7. Click on Instance B to raise it.
  8. In Slack, click on the issue link again.
  9. See that the issue is opened in Instance B.
  10. Authentication workflows were not completed in either instance and yet private access is achieved.

Desired behavior:
JIRA Slack links are not pre-authorized and instead require the user browser to have acquired credentials itself.  Thus, a link being opened in a Personal profile would be stopped at the login screen, whereas a link opened in my work profile would succeed as long as I had previously logged in to JIRA in the profile.

What I Have Tried:

  • Force-logout of JIRA in each profile
  • Chrome cookie purge
  • Chrome history purge
  • Reinstalled computer / browser
  • Reviewed available configuration items for Slack/JIRA integration and found no relevant pre-auth link option.
Answer
Watch
Like Be the first to like this
28 views

0 answers

Suggest an answer

Log in or Sign up to answer
Jira
Jira Mobile Apps
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
TAGS
AUG Leaders

Atlassian Community Events

    See all events