Hi there,
I'm struggling to get oauth 2.0 work for my application.
My external php app automatically creates an Jira-issue over the jira API, when a trigger has been set, which works fine with basic auth (POST my-application.atlassian.net/rest/api/3/issue). But to be secure I want to implement oAuth 2.0.
I already got the access token, after manually call the URL from the developer console and clicking on the ALLOW button.
Now I do not know, how to automate the Step, when the user prompt appears? This should be a automized process, without user interaction.
I followed already the official documentation for oauth-2-3lo-apps and the official youtube tutorial, but at this step, I can't find an answer for me:
Did I miss something? Can someone help me out here?
Greetings, chris
Hello @Christoph Murauer ,
Welcome to the Atlassian Community!
I might not be the best person to answer questions on development related topics. However, from what I understand, that step cannot be automated since each user has to authorize the app to access their data on the Atlassian site.
This is explicitly mentioned the official documentation for oauth-2-3lo-apps :
To the user, the authorization process looks like this:
- The app directs the user to an Atlassian screen that prompts them to grant access to their data on the Atlassian site. The screen displays the access being requested in the Atlassian product.
- The user grants (or denies) access to their data on the Atlassian site, via the screen.
- The user is directed back to the external service. If the user granted access, the external service can now access data (within the specified scopes) from the Atlassian site on the user's behalf.
Automating that step would mean giving access to the users data without their consent.
Finally, for the future, please notice that this is not the best place to get help on development related questions. The right resources are listed in https://developer.atlassian.com/resources.
Specifically:
Cheers,
Dario
@Christoph Murauer This can be automated by specifying prompt parameter value to none instead of consent.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
How do we skip it if the user has already consented to your app once? Currently, it is on every single login attempt using the rest API. I tried changing the prompt field from "consent" to "none" and it still forces the user to consent on every login.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.