Read-only application link

BenH April 20, 2017

I'm developing an application which connects to JIRA using a user's credentials (through OAuth), but which only needs read access. Currently, when a user accesses the application, JIRA's OAuth authorization page says "The application foo would like to have read and write access to your data on foobar.atlassian.net" (emphasis theirs). 

I'd rather request only read permissions, to prevent accidentally corrupting data and to reassure users that I don't intend to mess with their stuff. How can I configure things such that only read access is requested?

1 answer

0 votes
Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 20, 2017

Once you create the application link, you will be asked to create an OAuth token by logging in with a valid JIRA user. At that time, you can make sure that the user used only has "Read Access". 

In short, it is not done at the app link level but at the user level.

BenH April 20, 2017

That's the thing, though... these are just normal users, who need and have full r/w access when using JIRA directly. (And, of course, I don't want them to have to log out from JIRA and into some secondary read-only account every time they want to use my app.) Is there some way for an application to request, and the user to grant, less access than the user themself has?

Like George Fraser likes this
Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 20, 2017

I am not sure if there is an option. None known to me. Will leave it to others to chime in.

Suggest an answer

Log in or Sign up to answer