I'm developing an application which connects to JIRA using a user's credentials (through OAuth), but which only needs read access. Currently, when a user accesses the application, JIRA's OAuth authorization page says "The application foo would like to have read and write access to your data on foobar.atlassian.net" (emphasis theirs).
I'd rather request only read permissions, to prevent accidentally corrupting data and to reassure users that I don't intend to mess with their stuff. How can I configure things such that only read access is requested?
Once you create the application link, you will be asked to create an OAuth token by logging in with a valid JIRA user. At that time, you can make sure that the user used only has "Read Access".
In short, it is not done at the app link level but at the user level.
That's the thing, though... these are just normal users, who need and have full r/w access when using JIRA directly. (And, of course, I don't want them to have to log out from JIRA and into some secondary read-only account every time they want to use my app.) Is there some way for an application to request, and the user to grant, less access than the user themself has?