OAUTH application link and permissions

Marian Rychtecky December 3, 2020

Hi all,

I'm having an issue with permissions using the application link between Jira and Confluence. The bidirectional connection seems to be working fine. I'm able to load issues using the Jira Macro on the Confluence site, and I'm able to search the Confluence knowledge base when searching in Jira's Service Desk portal.

According to the documentation, it should work like this: "OAuth authentication redirects a user to log in to the remote application, after which tokens generated on their behalf are used to authorize requests made from the local application. The remote application handling the request uses the access permissions of the account with which the user logged in on that remote application."

My problem arises when I'm not logged in to Confluence as a user (I'm an Anonymous user) and I'm trying to load Jira's issue macro. I'm getting an error "Jira project doesn't exist or you don't have permission to view it." - this works when I configure Anonymous access in Jira's project.

The second problem is when trying to add a new page from the template using Jira's API call. Again, it works when Confluence's space is set with the anonymous "can add a page" permission. Otherwise I'm getting:

  "message": "Could not create content with type page",
  "reason": "Forbidden"

My question, then, is what I'm missing here, when OAuth is granted with my user permissions and the system should handle requests on my user's behalf. But it is actually using "anonymous" user privileges.

I can see OAuth tokens in my user profile on both ends.

2 answers

1 accepted

1 vote
Answer accepted
Marian Rychtecky January 8, 2021

Hi all, I have found my issue. We are using Apache2 with simple AUTH (htaccess) as a proxy server. To make this work with Tomcat, our configuration contains RequestHeader unset "Authorization". Unfortunately, this will remove any authorization header from the client, and so Jira's token as well.

I followed this manual:

https://confluence.atlassian.com/kb/how-to-create-an-unproxied-application-link-719095740.html

With one difference - I created a second Apache2 proxy on a different port without the simple auth configuration. This port is only allowed from Jira's IP address and has a direct link to Confluence.

It works now.

mogavenasan
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 8, 2021

(y)
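
The proxy layout described in the accepted answer, sketched as an Apache configuration. This is an added example, not the poster's actual configuration: host names, ports, file paths and the 192.0.2.10 address are constructed placeholders, and the Basic auth is shown inside the virtual host rather than in .htaccess to keep it in one file.

```apache
# Constructed example. All names, ports, paths and addresses are placeholders.

# User-facing proxy: Basic auth in front of Confluence (Tomcat).
<VirtualHost *:443>
    ServerName confluence.example.com
    # TLS directives omitted for brevity.

    <Location "/">
        AuthType Basic
        AuthName "Restricted"
        AuthUserFile "/etc/apache2/.htpasswd"
        Require valid-user
    </Location>

    # Keeps the Basic credentials away from Tomcat, but it also strips the
    # Authorization header that carries Jira's token, so requests arriving
    # through this virtual host reach Confluence as anonymous.
    RequestHeader unset Authorization

    ProxyPass        "/" "http://127.0.0.1:8090/"
    ProxyPassReverse "/" "http://127.0.0.1:8090/"
</VirtualHost>

# Second listener used only as the application link target.
# No Basic auth and no header stripping; access is limited by source address.
Listen 8444
<VirtualHost *:8444>
    ServerName confluence.example.com
    # TLS directives omitted for brevity.

    <Location "/">
        # Placeholder for the Jira server's IP address.
        Require ip 192.0.2.10
    </Location>

    # Deliberately no "RequestHeader unset Authorization" here, so the
    # token sent by Jira is passed through to Confluence unchanged.
    ProxyPass        "/" "http://127.0.0.1:8090/"
    ProxyPassReverse "/" "http://127.0.0.1:8090/"
</VirtualHost>
```

Because the second listener has no Basic auth, the `Require ip` rule and any host firewall rule for that port are the only controls in front of it.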

0 votes
mogavenasan
January 3, 2021

Hi @Marian Rychtecky ,

Please check if you are using OAuth with Impersonation on the Application Link page. If yes, please change it to OAuth and try again.

I hope that this helps.

Thanks,
Moga

Marian Rychtecky January 4, 2021

Hi @mogavenasan ,

First of all, thank you for your reply. I tried both.

OAuth - configured and authorized on behalf of the user with an admin account on both sides. According to the documentation, after authentication this link should use for authorization the same user who created the link and authenticated the OAuth token. However, without "public" view on the Confluence space I'm getting 404 - Forbidden for all requests, and vice versa - in Confluence I cannot load Jira's issues using the default Jira macro, unless these issues are publicly visible.

OAuth with Impersonation - configured, with the same username on both sides; again, without "public" view on the Confluence space I'm getting 404 - Forbidden for all requests, same as described in the previous paragraph.

mogavenasan
January 4, 2021

Hi @Marian Rychtecky,

Not exactly sure what is going on with your configuration; usually OAuth with Impersonation should do the trick.

You might want to check if the JIRA application links core plugins were enabled properly, as per "Outgoing authentication shows 404 error message via Application Links configuration".

Do you have any Reverse Proxy between Jira and Confluence? There might be something here that is removing some part of the request that is in charge of the authentication.

Thanks,
Moga
