Application Links OAuth for Service User / ScriptRunner


Our app does automatically merge pull requests under certain conditions. It does this merging under a service user.
However, we run into a limitation where this Service User isn’t authenticated on application links. This then ends up in failed merge checks when interacting with other apps (ScriptRunner for Bitbucket in this case).
So, we don’t know how to solve this issue. The best case would be if we could run the OAuth for the service user, so that everything works like a regular user would. So, my questions are:

  • Is there a way to create the AppLink OAuthentication for a Service user?
  • Or for a specific user to be authenticated? We didn’t find a way to specify what user we want to authenticate. It always authenticates the user of the current Browser session.
  • Or is there a way to ‘override’ the AppLinks authentication for the current user?
  • Or, is there a way to specify the what authentication is used in the ScriptRunner?

I think the easiest solution will be to create the configuration between the tools again using the Service Account in both tools.
If that is not possible, you could use this method to send a different auth to the application link, but this will imply more development .

Thanks, Ivan.

1 Like

Yeah…mostly the issue is that we can’t control what ScriptRunner does. It picks the AppLink and the current user or service to authenticate. I don’t think we can intercept that.

So, the only work around seems to be to use impersonation mode of AppLinks, then there is no OAuth dance for the ScriptRunner.