My application is connected with JIRA via Application Link and is using OAuth scheme for user authentication. So far so good. The main idea of app was to continiously provide info in realtime about issue changes to the application user. For this purpose, I was using rest api for creating a webhook during configuration process in app. Using webhook rest api requires JIRA Administrator permissions, and this is constantly frightening some users during the OAuth dance, because they believe that app can "hack" JIRA instance.
One way to solve this is to rid off the automatic webhook creation during configuration flow, and ask user to create it themselfs.
But, maybe there is a way to create such JIRA Administrators like group, whose users can only have read permissions on jira issues, but can work with webhooks via rest api?
I don't think that is currently possible. A possible approach is to build a simple add-on for JIRA and move that webhook creation logic into the add-on which internally exposes a single api for your app to consume. You can then have a validation in the api to check for `current logged in user` to belong to a specific group in JIRA to determine if the user has rights.
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hey Atlassian Community! Today we are launching a bunch of customer stories about the amazing work teams, like Dropbox and Twilio, are doing with Jira. You can check out the stories here. The thi...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs