I just watched https://www.youtube.com/watch?v=ybhmYq9QOxY&index=23&list=PLaD4FvsFdarQsi3IUT9btuRPXukhkmC43 and I have a few questions about whether a Connect app is the right solution for our project. I’m working on the front-end for a web service that needs to GET JIRA details from the Atlasssian Rest APIs, for customers who might either use JIRA Cloud or have an on-prem JIRA Server instance. The two big unknowns are how to avoid CORS issues and how to handle authentication.
On the CORS issue, for JIRA Server it looks like we can just ask customers to whitelist us, but for Cloud I can’t find a good answer on what to do. One option I’ve been looking at is writing a connect app for cloud customers to install, for our web application to connect to to get the correct CORS headers. I’m not clear if this is possible, or if the initial request to the Connect app wouldn’t have the same CORS issue. Any advice on where to start with this?
For the authentication against the REST apis, it looks like JWT is our only option against cloud if we end up writing a connect app, but we have multiple options for authenticating against JIRA server. Are there any recommendations between basic auth, basic auth with cookies, and OAuth authentication?