Can't find oauthClientID in "installed" payload

Hi,

I’ve created a Golang library for JWT authentication for add-ons here: atlassian-jwt. I have it working for READ, WRITE, etc scopes but for ACT_AS_USER, the docs say I need oauth2 support.

I’ve included the ACT_AS_USER scope in my atlassian-connect.json file but when the “installed” hook fires, I receive the same fields that I had before: key, clientKey, publicKey, sharedSecret, serverVersion, pluginsVersion, baseUrl, productType, description, eventType.

I am not receiving oauthClientID, which the documentation (OAuth 2.0 - JWT bearer token authorization grant type) says I need to exchange for an access token.

All of the documentation and code samples just assume that I already have the oauthClientID, nothing actually shows how to retrieve one.

What am I doing wrong?

2 Likes

That certainly does seem odd. Would you post the relevant portion of your atlassian-connect.json file, and also the JSON structure that is posted to your installed end-point?

I’ve included the code below. You can see I ask for ACT_AS_USER and READ scopes. The only thing I can think of is that I’m only including webhook modules. Maybe the JIRA API understands enough to know that they don’t need ACT_AS_USER support so it doesn’t return the appropriate values for that? That seems a little far fetched but it’s the only explanation I have. If that is, indeed, a possibility, I can’t find modules that require ACT_AS_USER scope. Do you know of any I could use to test this hypothesis? Can you see anything else wrong with my requests?

atlassian-connect.json

{
    "key": "jira-golang-oauth2-example",
    "name": "Golang ouath2 example add-on",
    "description": "Some add-on examples in Go",
    "vendor": {
      "name": "Bob Briski",
      "url": "https://github.com/rbriski"
    },
    "baseUrl": "https://something.ngrok.io",
    "links": {
      "self": "https://something.ngrok.io/atlassian-connect.json",
      "homepage": "https://something.ngrok.io/atlassian-connect.json"
    },
    "authentication": {
      "type": "jwt"
    },
    "lifecycle": {
      "installed": "/installed",
      "uninstalled": "/uninstalled"
    },
    "scopes": [
      "READ",
      "ACT_AS_USER"
    ],
    "modules": {
      "webhooks": [
        {
          "event": "jira:issue_created",
          "url": "/issue_event"
        },
        {
          "event": "jira:issue_deleted",
          "url": "/issue_event"
        },
        {
          "event": "jira:issue_updated",
          "url": "/issue_event"
        }
      ]
    }
  }

The installed JSON response

{
  "key": "jira-golang-oauth2-example",
  "clientKey": "68c984b0-2ed8-34b9-a38b-6e69daf588ff",
  "publicKey": "long_secret_string",
  "sharedSecret": "short_secret_string",
  "serverVersion": "100082",
  "pluginsVersion": "1.3.484",
  "baseUrl": "https:\/\/my-jira-site.atlassian.net",
  "productType": "jira",
  "description": "Atlassian JIRA at https:\/\/my-jira-site.atlassian.net ",
  "eventType": "installed"
}

I can’t see anything wrong with what you’ve done there. It’s time to start flailing about and clutching at straws. Let me get you started:

  1. Try including “ADMIN” in your scopes rather than “READ”

  2. Try uninstalling and then re-installing your add-on in your development instance

  3. Try enabling licensing: "enableLicensing": true. Could it be that only licensing-aware add-ons are provided with an oauth client ID?

  4. Validate your descriptor.

Did it all, and more … no dice. Even the documentation is deceiving. They specifically mention it here but don’t show it in the actual data:

https://developer.atlassian.com/cloud/jira/platform/app-descriptor/

Then there’s this, that’s only available on Google cache but the PM basically says exactly what I’m doing:
https://webcache.googleusercontent.com/search?q=cache:YA9AftLSD0oJ:https://ecosystem.atlassian.net/browse/ACJIRA-1290+&cd=4&hl=en&ct=clnk&gl=us

I’ll keep working. At this point I’m just fuzzing the endpoint.

Thanks,
Bob

Holy crap, I’m an idiot. I was copying the JSON into a struct and inspecting it because of my previous work on just the JWT. The struct didn’t include oauthClientID so when I marshalled the data, it just dropped it. It’s been there all along, I just wasn’t looking at the raw JSON.

Sorry for wasting your time.

Thanks,
Bob

See!!! Flailing one’s arms about can really work. Glad you’re up and running again, Bob.

Oke, but how does one obtain the oauthClientId dynamically in index.js after the connect app has been installed as dev?

Follow this example https://bitbucket.org/atlassian/atlassian-oauth2-samples/raw/44d57b7278e61bc61c62f72b0ed6367dd517e4ac/javascript/index.js