Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to Allow users to authorize our app with Oauth 1.0 with any cloud url

winning
winning
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 27, 2020

We have a requirement to create an integration with Jira where we can create s user, delete a user and a bunch of other things on behalf of a jira cloud admin user.
I have tried Oauth 2.0(3LO) but the create user endpoint returns an error of not being enabled to work with Oauth 2.0. So decided to try out Oauth 1, but on setting up I realize oauth 1.0 is cloud specific, and so for our users to be able to use it the admin has to set up an application link to us.
So wondering if there is another way to accomplish what we want without the hassle of each admin going through the application link setup process

Answer
Watch
Like Be the first to like this
584 views

1 answer

0 votes
Dario B
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 8, 2020

Hello @winning ,

Welcome to the Atlassian Community!

If I understand correctly you are building an app to manage users in Jira and you would like to know the best way to authenticate it. Is this correct?

If this is correct, then you might want to review the below page:

Security

There are a few basic options for security, depending on what sort of app you are trying to make:

  • Forge apps use OAuth 2.0 when authenticating with Jira. Scopes are an OAuth 2.0 mechanism that limits an app's access to a user's account. The Forge platform also provides managed APIs to make requests on behalf of the user, meaning that third-party code is never trusted with user credentials.
  • Connect apps have HTTPS and JWT authentication built in to secure communication between your app, Jira, and the user. Our Connect toolkits, Atlassian Connect Express (ACE) and Atlassian Connect for Spring Boot, handle most of the security setup for new apps. Note that OAuth 2.0 (3LO) isn't supported for Connect apps.
  • OAuth 2.0 (3LO) apps use OAuth 2.0 (3LO) to pass permissions and data from Jira.
  • Basic auth is supported for making API calls, but is not recommended unless you have other security measures in place.

Read the Security overview for more details.

 

In your case I'd suggest to build a connect app. For further details on this please see: 

 

 

Also, for the future, please notice that this might not be the best place to get help on development related questions. The best resources are the ones listed in https://developer.atlassian.com/resources.

Specifically:

 

I hope this helps.

 

Cheers,
Dario

View More Comments
winning
winning
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
December 8, 2020

Thanks for the answer @Dario B ,
I will try out connect app.


cheers,
Winning

Like Dario B likes this
Dario B
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 9, 2020

You are very welcome @winning ! :) 

Hopefully everything will go smooth. However, in case of any issue, you might want to ask in the developers community or create a DEVHELP request.

Cheers,
Dario

Like
Reply

Suggest an answer

Log in or Sign up to answer
Product apps
Apps & Integrations
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events

    See all events