Connection between JIRA 6.2.4 and Fisheye 3.4.3 even possible?

Former working connection via "Trusted application" broke after upgrading both JIRA and FishEye.
Is it right that we need to switch to OAuth now as suggested by the link?

What could be the reason that in JIRA's application link to fisheye the tabs for "Trusted application" and "OAuth" always fails to load for "Outgoing connections" (infinite spinning progress indicator)?

Please help,


7 answers

1 accepted

0 votes
Accepted answer

Hi Martin,

If you are using a standalone JIRA, you can start it from FishEye. Using JIRA OnDemand requires that you start creating it from JIRA.

I'm sorry for the confusion about "we do recommend OAuth" and "requires OAuth".

In fact, the Development Panel requires OAuth to work, but the "Trusted Applications" option is still there, so you would be free and able to use it instead of OAuth. However, by doing this you wouldn't have the Development Panel. If I'm not mistaken, I think that you would still be able to have the Source and Reviews tab if JIRA FishEye Plugin is enabled, but this is going to be discontinued in the future.

Hi Gustavo,

thanks for clarification. I can drop the "Source" and "Reviews" tabs easily as long as I'd still able to make smart commits to log my time.

Kindest regards,


Maybe try syncing clock on both servers. It may help.

Hey Andris,

both Fisheye and JIRA are installed on the same server.

Thank you, nevertheless. :-)

0 votes

Martin, is it possible to provide some log entries when trying to synch both apps? Is there any error logged? That will help with the troubleshoot. :)

Hi Luciano,

nothing really suspicious. Log is somewhat polluted by the warning of a pending notification caused by a meanwhile de-installed plugin (Gant-Chart). Do you have a step-by-step manual describing the right wiring for these particular versions? Your documentation system is such a mess and refers always to outdated versions of JIRA.

0 votes

Hello Martin,

As Piotr mentioned in the link you provided, the development panel introduced in Jira 6.2 requires App Links with OAuth and 2-legged authentication enabled.

You can also take a better look at this page introducing the feature:

Hope this helps clear up things.

Benito Picarelli

Hi Martin,

Yes, we do recommend to have the Application Link configured as OAuth in the latest versions of JIRA and FishEye in order to have the integration functionalities properly working. Trusted Applications is a model created by Atlassian to allow the execution of specific functions on behalf of any user. This is different from OAuth, which executes functions on behalf of a resource owner. Please, take a look at the OAuth document as I believe it will be helpful to configure an Application Link with OAuth.

In the latest versions of JIRA and FishEye both Source and Reviews tabs were replaced by the Development Panel, but it works only when using OAuth.

I'd suggest you to give a try deleting the Application Link from both ends (JIRA and FishEye), and try re-creating it using OAuth.

Hello Gustavo and Benito,

at first I just want to thank you for trying to help me out. However, I am somewhat puzzled about the difference between "we do recommend OAuth" and "requires OAuth". :-)

Well, I jut got rid of the connector on both ends. Is it okay to start "re-wiring" them starting from FishEye? Or am I enforced to create the new application link in JIRA?


Could you please explain why/when 2-legged OAuth would need to allow user impersonation? Wouldn't this over-ride individual user project access permissions to data on the connected server?


2-LO with impersonation is making the system behave more like Trusted Applications, but still using the OAuth protocol. It allows, for example, James to access Instance A and loads a page that needs data from Instance B, that perhaps he does not have access to, but user account Jeff does have access to. So James loads the page, Instance A collects data from Instance B by posing as user Jeff, and returns all the data to James.

This is not hugely recommended for obvious security implications, but is there as a convenience option for certain setups.

So yes. And it appears it is offered to support access to data without access to the integrated application/project space? That seems strange to me, I can't imagine a use case other than as a license cost control method. Happily, I don't need it.

However, I find I can't get full and appropriate data integration access for Plugins between JIRA and FE/Cruc using only OAuth. It breaks the Source tab on JIRA issues (Fisheye Plugin). I've purposefullly delayed upgrading to JIRA 6.2 because of OAuth, hoping to better understand the implications first. Currently, it looks like I will need both Trusted Applications and OAuth methods configured/enabled (which seems to negate the reasoning behind the switch). It would be helpful if documentation better addressed when you need both.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,304 views 12 19
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you