Hi all, I’m looking for insights on how to fetch data from multiple Jira sites from Confluence app.
Context
I’m currently migrating a Confluence Connect app to Forge. One of our features allows the app to fetch and display data from multiple Jira sites.
In the Connect version, we used an OAuth 2.0 app, allowing users to explicitly grant consent to access data from other Jira sites.
Now we are moving to Forge, we no longer use an external server (Connect host), so there is no callback URL available.
What I tried
I attempted to configure an OAuth app using auth providers in the Forge manifest, but encountered the following error during deployment:
Error: Manifest validation failed: Invalid client id WLCeZX...ZRKA: Atlassian credentials are not supported in auth providers. (requestId: 02f156c5-8d69-4f31-aa2f-f8e646e2da43)
From what I’ve found, it seems that OAuth 2.0 with Atlassian credentials is not supported in Forge.
I would prefer not to use cross-app installation, since our app needs to connect to multiple Jira sites, and requiring users to install the app on every site would not be practical.
Question
Is there any recommended approach to allow a Forge app to access data from multiple Jira sites with user consent, and without requiring cross-app installation?
Any suggestions would be greatly appreciated. Thank you in advance!
3 Likes
@LiaTran,
Short answer, no. The tight binding to site security is a design decision so that apps are “secure by design”. The Forge platform takes care of tokens, auth, and managing itself in context of a tenant.
Longer answer would be down the path that you already have, replacing your Connect App with a Forge Remote, that could play the role of “Forge to OAuth” bridge. This is a heavy responsibility because your app defies the security controls of Forge; not just the binding to sites, but the ability for admins to know their data egress posture from the Forge manifest.
That said, we have been looking at some alternative models, like org-level apps. With multiple sites in an org, the org-level installation model might allow the app to reach all the sites within that org. Could you say more about the relationships of the sites you expect to reach (eg within 1 org or not)? Is your app intended for just yourself as a customer, or for many customers on Marketplace? What kinds of audit & control do you think site admins would want/need in making those connections?
@ibuchanan
Let me clarify this feature in our app:
We allow users to grant access (via OAuth 2.0) to multiple Jira sites — not limited to the same organization, but any site they have permission to access.
Once the user grants consent, we use the OAuth access token to retrieve Jira issues from those sites and display them within the Confluence app.
Is there any way to achieve this functionality when migrating to Forge? Thank you in advance!