Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

OAUTH application link and permissions

Hi all,

I'm having an issue with permissions using the application link between Jira and Confluence. Bidirectional connection seems to be working fine. I'm able to load issues using Jira Macro on Confluence site, and I'm able to search Confluence knowledge base when searching in Jira's Service Desk portal.

According to documentation it should be like that "OAuth authentication redirects a user to log in to the remote application, after which tokens generated on their behalf are used to authorize requests made from the local application. The remote application handling the request uses the access permissions of the account with which the user logged in on that remote application."

My problem arises when I'm not logged in Confluence as a user (I'm an Anonymous user) and I'm trying to load Jira's issue macro. I'm getting an error "Jira project doesn't exist or you don't have permission to view it. " - this is working when I'll configure Anonymous access in Jira's project.

Second problem is when trying to add a new page from the template using Jira's API call. Again, work when Confluence's space is set with anonymous can add a page permission. Otherwise I'm getting:

  "message": "Could not create content with type page",
  "reason": "Forbidden"

 

My question then is what I'm missing here, when OAuth is granted with my use permissions and the system should handle requests on my user behalf. But it is actually using "anonymous" user privileges.

I can see Oauth tokens in my user profile on both ends.

 

2 answers

1 accepted

Hi all, I have found my issue. We are using Apache2 with simple AUTH (htaccess) as proxy server. To make this working with Tomcat our configuration contain RequestHeader unset "Authorization". Unfortunately this will remove any authorization header from client, so Jira's token.

I followed this manual

https://confluence.atlassian.com/kb/how-to-create-an-unproxied-application-link-719095740.html

With one difference - I created second Apache2 proxy on different port without simple auth configuration. This port is only allowed from Jira's IP address and has direct link to Confluence.

It works now.

Hi @Marian Rychtecky ,

Please check if you are using OAuth with Impersonation on the Application Link page. If yes, please change it to OAuth and try again.

I hope that this helps.

Thanks,
Moga

Hi @mogavenasan ,

 first of all, thank you for your reply. I tried both. 

OAuth - configured and authorized on behalf of the user with admin account on both sides. According documentation after authentication, this link should use for authorization same user who created a link and authenticated the OAuth token. However without "public" view on Confluence space I'm getting 404 - Forbidden for all requests, and vice versa - in Confluence I cannot load Jira's issues using default Jira macro, unless these issues are publicly visible.

 

OAuth with Impersonation - configured and same username on both sides configured, again without "public" view on Confluence space I'm getting 404 - Forbidden for all requests, same as described in previous paragraph.

Hi @Marian Rychtecky,

Not exactly sure what is going on with your configuration, usually OAuth with Impersonation should do the trick.

You might want to check if the JIRA application links core plugins were enabled properly as per Outgoing authentication shows 404 error message via Application Links configuration

Do you have any Reverse Proxy between Jira and Confluence? There might be something here that removing some part of the request that is in charge of the authentication.

Thanks,
Moga

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you