Confluence Addon talking to Jira (cloud)

I want my Confluence Cloud Atlassian Connect Express plugin to access Jira Cloud rest API. Preferably as smooth for the user as possible. For example read only in asApp mode, and R/W in asUser after oauth dance.

I am doing my best to dig into OAuth documentation but I am lost.

As far as I understand:

A/ Confluence Addon ACE talking to Confluence rest API

For ‘as app’ calls it’s easy thanks to JWT and httpClient available in app.js by default (which is npm’s request under the hood). I tested it and it works as expected.

For ‘as user’ calls you have to follow:
https://developer.atlassian.com/cloud/jira/platform/user-impersonation-for-connect-apps/

:question:#1 Am I right here? Can ACE’s JWT be used only within the same product type?

B/ Confluence Addon ACE talking to JIRA rest API

As far as I understand such a request is (from the security perspective) similar to a request made by any external app. It doesn’t matter if this is an ACE addon with a valid JWT, right?

(if so) I should follow this article:

B1/ https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/

which suggests in the intro section:

Connect apps : Use JWT. You can also use OAuth 2.0 user impersonation.

This is half true. It should be "Confluence Connect apps talking to /wiki/rest and JIRA Connect apps talking to /rest" APIs.

:question:#2 Am I right here? Should this documentation be more specific?

Following the page, I can see:

Before you can implement OAuth 2.0 (3LO) for your app, you need to enable it for your app in app management:

  1. In app management, navigate to your app (or create one if you don’t already have one).

Well, the app management link points to Forge apps manager. There are no ACE applications there.

:question:#3 Do I have to create a stub Forge app for any other (including ACE) application to use OAuth2?

I assumed so, and successfully managed to perform all the steps in the documentation to finally hit this sentence:

Note that making your app public does not make it available on the Atlassian Marketplace. Listing a OAuth 2.0 (3LO) app on the Atlassian Marketplace is currently not supported.

I gave up here and moved to this site:

B2/ https://developer.atlassian.com/cloud/jira/platform/jira-rest-api-oauth-authentication/

Here, instead of being trapped by early access, non-market ready solutions I was hit by legacy, server-related code.

I compiled the java code (there is a missing target directory name in java -jar **target**/OAuthTutorialClient-1.0.jar requestToken) and generated public/private key pair. But I failed on:

Configure the client app as a consumer in Jira, using application links

(got error 500)

I tried to use node client from the https://bitbucket.org/atlassianlabs/atlassian-oauth-examples/. This code is three years old and package.json was missing so I had to to guess NPM dependencies and then rewrote the code from express2.0 to express4.0. Long story short this turned out to be less useful than java version.

More importantly, this solution seemed to be for those looking a single-instance OAuth mechanism.

:question:#4 Am I right here? Is “OAuth for REST APIs” designed to a single-instance use cases?

So I took a look at Forge:

C/ Forge app talking to Jira/Confluence (but not Jira Software) APIs

Everything is simple with forge. There are no “Confluence” or “Jira” addons anymore. It’s just Forge addon for the entire platform. You can call:

api
    .[asApp() | asUser()]
    .[requestConfluence | requestJira]

I tested it and it works like charm. There are two issues with Forge: (1) there is no Forge marketplace yet (but it’s coming soon), and there is no InlineMacro that I need for my addon (and it’s not even in the roadmap).

To sum up:

:question:#5 Is there a documentation for my scenario:

A Confluence ACE addon talking to Jira REST API in system/application read-only mode (if possibile) and in “asUser” (impersonalized) mode? (assuming I can’t use Forge).

3 Likes

Thanks to the latest update by @AngelinaIgnatova (Introducing the new developer console and updated Managing your OAuth 2.0 (3LO) apps I can answer some of the questions:

:question:#3 Do I have to create a stub Forge app for any other (including ACE) application to use OAuth2?

No, I don’t have to do it. Newly introduced Developer Console allows anyone to create either Forge app or OAuth 2.0 (3LO) integration. Use arrow close to Create app button.

Other questions remain unanswered.

2 Likes

Dear Atlassian Staff,

I understand that you are busy with Forge (and you are doing great work there). But I need your help with still supported framework. I am about to start my development. I really don’t want to build something that can’t be published.

Best

Just wanted to say, that I finally managed to make this working:

5 Likes

@szn Which option did you choose?

Hi @Grzegorz.Tanczyk

B1.C

Follow my comments and create an OAuth 2.0 (3LO) integration app in the developer console.

Despite documentation saying:

Note that making your app public does not make it available on the Atlassian Marketplace. Listing a OAuth 2.0 (3LO) app on the Atlassian Marketplace is currently not supported.

my request to publish this 3LO app was accepted.

But, long story short, it’s nightmare :wink:

1 Like