I'm developing an application which connects to JIRA using a user's credentials (through OAuth), but which only needs read access. Currently, when a user accesses the application, JIRA's OAuth authorization page says "The application foo would like to have read and write access to your data on foobar.atlassian.net" (emphasis theirs).
I'd rather request only read permissions, to prevent accidentally corrupting data and to reassure users that I don't intend to mess with their stuff. How can I configure things such that only read access is requested?
Once you create the application link, you will be asked to create an OAuth token by logging in with a valid JIRA user. At that time, you can make sure that the user used only has "Read Access".
In short, it is not done at the app link level but at the user level.
That's the thing, though... these are just normal users, who need and have full r/w access when using JIRA directly. (And, of course, I don't want them to have to log out from JIRA and into some secondary read-only account every time they want to use my app.) Is there some way for an application to request, and the user to grant, less access than the user themself has?
I am not sure if there is an option. None known to me. Will leave it to others to chime in.