Connect-express apps and 3LO

Hi there,
As I understand, current connect apps use JWT and OAuth 2.0 for authentication.

Will that change towards the upcoming 3LO?

Hi @marc,

Welcome to the community!

Yes, Connect apps use JWT Bearer Token grant for OAuth 2, i.e. for impersonation.

You may already try 3LO :slight_smile: it uses OAuth 2 auth code grants instead of JWT bearer tokens. So you’ll need to create an app in to get consumer keys/secret, scopes, and an OAuth dance to get a code and exchange it with an access token. See the 3LO link for more details.


Hey @acalantog , thanks for the reply.

What I meant to ask is: Will the JWT Bearer Token grant be replaced by 3LO?

And as a followup, when would JWT Bearer Token be deprecated?

Hi @marc,

AFAIK (call me out here), I don’t think it’ll be replaced or deprecated in the near future. JWT bearer token is still widely used in Jira, Confluence, and Bitbucket whether you’re using the Connect framework or your own stack. Also, we’re talking of two different of apps here, 3LO and Connect, each using different auth grant type.

For updates in any changes in Authorization, we’ll most likely post an update here or a blog post :slight_smile: Thanks for your question.