We use JIRA Cloud Service Desk to provide customer support for our product.
We also have a separate website that has product documentation. I would like to restrict access to the product documentation site to only the customers that exist in our Service Desk instance.
My thought was to use OAuth against JIRA and if an access token is returned, that means the user is valid in Service Desk and I can therefore let them see the product documentation.
The documentation website is an ASP.NET MVC app, and I’m using the DotNetAuth NuGet package along with the concepts shown here: http://tzhwang.com/2016/10/20/jira-oauth-authentication-using-dotnetauth/
I’ve found that this approach works great for my own JIRA account, which is an Atlassian ID. If I’m logged in to JIRA, I see that the request to https://mycompany.atlassian.net/plugins/servlet/oauth/authorize?oauth_token=XXXXXXXXXXXXXXXXXXXXXX takes me to a page asking me to Allow or Deny access. If I click Allow, I get an
However, when I’m logged in to Service Desk as a customer (portal only) user, it doesn’t work. The request to https://mycompany.atlassian.net/plugins/servlet/oauth/authorize?oauth_token=XXXXXXXXXXXXXXXXXXXXXX gives me a 302 response that redirects to the Service Desk main page (/servicedesk/customer/portals) instead of showing the page to Allow or Deny access.
Is this a limitation of Portal Only users, or is there a way for such users to authenticate via OAuth?