Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,369,232
Community Members
 
Community Events
168
Community Groups

Jira Automation Rules, Send Web Request and APIs protected by OAuth 2.0

Edited
Deleted user Jan 03, 2021

Recently, I created an Automation Rule in Jira Software (Cloud) to make a REST Callout to a Salesforce API. Salesforce secures API calls with OAuth 2.0. As I could not find any articles regarding how to use OAuth with Jira Automation Rules, I am sharing what I worked out in the hope it will save others some time. Many APIs are secured by OAuth 2.0 so this information is broadly applicable.

OAuth 2.0 supports a bewildering number of options. Jira Automation Rules with Send web request only supports a few. I used the OAuth 2.0 Username-Password flow. Pros and cons are discussed in the linked article.

My objective was to make an outbound PUT /issue/{{issue.key}} to my Salesforce API whenever the value of a particular field changes on a Jira Issue (so Salesforce could update Jira Issues I had previously sync'd to it).

Steps:

  1. Add an Automation rule on Settings -> System in the AUTOMATION section at the bottom by clicking the Create Rule button.
  2. Select Field value changed in the list of Triggers.
  3. Choose from Select a field and pick Edit Issue from the For select list then click the Save button.
  4. Next, click New action.
  5. Scroll down to the Notification section and pick Send web request. The purpose of this first request is to submit required information in order to get an OAuth access token back from Salesforce.
  6. The URL for starting an OAuth 2.0 flow with my Salesforce Sandbox is https://test.salesforce.com/services/oauth2/token so I put that in the Webhook URL field. Had I been setting this up for Production, the URL would have been https://login.salesforce.com/services/oauth2/token.
  7. In Headers (optional), add a header Content-Type with a value of application/x-www-form-urlencoded. Note: this was required by Salesforce (even if you were able to use curl successfully without that header).
  8. Set HTTP method to POST.
  9. Set Webhook body to Custom data.
  10. Check Delay execution of subsequent rule actions...
  11. In the Custom data field, you add required information in a url-encoded form to get an access or session token. In my case (replacing capitalized items with actual values - Salesforce requires a token to be preceded by the password - these are separate values)...
  12. grant_type=password&client_id=CLIENT-ID&client_secret=CLIENT-SECRET&username=USERNAME&password=PASSWORDTOKEN
  13. Click the Save button.
  14. Under Add component, click New action.
  15. Under Notifications, click Send web request. This time, we'll make the call to the REST endpoint and provide the access token we received from the first step in the header of the second request.
  16. For my API, I entered https://mycompany.my.salesforce.com/services/apexrest/issue/{{issue.key}} in the Webhook URL field. Note the use of the Jira Issue key in the URL. This is specific to my API.
  17. Three Headers must be added:
    • Authorization with a value of Bearer {{webhookResponse.body.access_token}}. This is how you use a value from a previous Send web request. The access token (access_token) is the import value in the JSON it returned.
    • Accept with a value of application/json.
    • Content-Type with a value of application/json.
  18. For HTTP method, I selected PUT as required by my API in order to perform an update.
  19. Select Custom data from Webhook body select list.
  20. In the Custom data field, I entered the following (note the parameterized value containing the new value for my field):
  21. {
    "billingType": "{{fieldChange.toString}}"
    }
  22. Click the Save button.
  23. Enter the name of your automation on the right and click the Turn it on button.

Once turned on, this Automation rule fires whenever my field is changed, gets an OAuth 2.0 access token from Salesforce, then calls my APEX REST endpoint to update the appropriate record in Salesforce. The approach would not have been possible without the relatively new feature Wait for response for Send web request.

By the way, when you're on step 11, it helps to expand Validate your webhook configuration (at the bottom) and click the Validate link to ensure you are sending the right data required to get an access/session token.

Hopefully, this information will save you some time if you need Automation Rules to interact with OAuth 2.0-protected APIs.

6 comments

Great job @[deleted] !!!

wow.gif

Deleted user Jan 03, 2021

Thanks!

Thanks for this @[deleted]  - this looks a real interesting path to take for extending automation.

{
"billingType": "{{fieldChange.toString}}"
}

Can you please explain what is fieldChange.toString? Is it a custom field?

 

The reason am asking is that I am trying to create an automation rule to call a webhook using custom payload. But looks like the variable interpolation of the custom fields is not happening. 

 

This is tracked here: https://jira.atlassian.com/browse/JSDSERVER-6970?error=login_required&error_description=Login+required&state=f185345d-1c4f-4f3a-bca6-c22539fdded3

 

In case you are aware of such scenario, please let me know.  

Deleted user Jul 27, 2021

{{fieldChange.toString}} is a built-in smart parameter containing a string value for the field that was changed (per the field selected in Field value changed in your Automation Rule). In my case, it does refer to a custom field I added called Billing. I could have replaced fieldChange.toString with a reference to that custom field but I kept it generic for my purposes.

Thank you @[deleted] but I have been unsuccessful in getting the value from the custom fields. I tried all sorts but ins't working. 

 

Here is a sample of my payload.

 

{
"cluster": "${{request.customfiled_13710}}"
}

 

tried with 

{
"cluster": "${{request.cluster}}"
}

 

but nothing seems to work. 

For the value of cluster, I see a few issues:

  1. customfield has a typo
  2. The customfield property should be on issue
  3. This isn't a JavaScript formatted string so "$" is not needed

 

Here's an example of where I reference several custom fields. In some cases, I am specifying what to do if the value is null. Dropdown custom fields should be also use ".value". Certain built-in fields need ".name" (like issueType).

 

{
"billingType": "{{issue.customfield_10090.value|"None"}}",
"accountName":"{{issue.customfield_10086.value|"Acme, Inc."}}",
"subject":{{issue.summary.asJsonString}},
"issueType":"{{issue.issuetype.name|"Task"}}",
"opportunityUrl":"{{issue.customfield_10113}}"
}

 

Just wanted to say thank you as this was very clear and extremely helpful for my use case. 

@[deleted] Great post.

I have a similar workflow with ServiceNow. I was curious, in step 12 do you have the password in visible in plain text? I am trying to make an api call with credentials that cannot be found by a nosy admin, or somehow where I can restrict permissions to that particular automation rule.

Thanks!

@[deleted] Thank you for sharing as I was almost able to get it working. One question where I am stuck is how would you set up the callback URL? I noticed in your example, there wasn't any. Your help would be greatly appreciated.

My auth token response looks like this : 

auth.PNG

I'm using  authorization value as Bearer {{webResponse.Payload.access_token}} in header. But, I don't see value in webhook response, it looks empty like below : oauth.PNG

Comment

Log in or Sign up to comment
TAGS

Atlassian Community Events