Connecting to Jira cloud and Tempo REST APIs

Hello, experts:

After connecting with Jira Cloud using OAUTH2 and Basic Auth, we’re looking to connect to Tempo as well.
Looking at the docs (https://apidocs.tempo.io/), it needs to login using OAUTH2, but I don’t get it.

1- It means that, in order to get Jira Cloud info and Tempo info I need to log in two times? with what user/pwd? When I log in Jira Website, I use my Jira account, I log once, and I can see all info, Jira and Tempo, at the same time.
2- If I need to log twice, is there a way that I can do it in a single step? Going to Jira Login page, then confirm permissions for my app, then going to Tempo Login, and finally to the app permissions confirmation for Tempo are a lot of steps.

Sorry if this is basic knowledge, but I can’t find combined info on the Internet.
Thank you!

Tempo cloud data is not stored in Jira; so, yes, you have to log in twice using this method. The Jira Tempo Timesheets App is already in Jira, so it has options that a 3rd party integration would not have and is able to interact more seamlessly between Jira and their own servers on behalf of a user.

After setting up your integration in Tempo > Settings > Data Access > OAuth 2.0 authentication, you get a client id and secret. Store these securely, for long-term. Use those get get your access key for each user. At minimum, your integration should be storing the access_token, expires_in (or equivalent), and refresh_token returned. The default expiration is 60 days. You can use the refresh_token to quickly get a new access_token before the expires_in time passes.

In OAuth, the source app (Tempo in this case) may cache the authorization grant. With the 60 day and easy refresh, you shouldn’t worry about users being bothered too much after the first time.

Yes, the OAuth process is almost the same as OAuth2 on Jira, but just a bit easy (with no extra step to get the CloudID).

I was coding in advance, and I have it, pretty much. But I’m having an strange issue:
Following this guide
https://apidocs.tempo.io/
I went until the step 1 of “How to retrieve an access token for a user - Authorization grant type used is authorization_code”. After the GET, i got a blank page, that slowly get the upper bar, but nothing else.
I got this error:

SourceMaps.getMapForGeneratedPath: exception while processing path: https(…)?locale=es-ES, sourcemap: LegacyIssue-min.js.map
SyntaxError: Unexpected token ; in JSON at position 0

However, if I open another Chrome window, while debugging, and go to
https://mycompany.atlassian.net/plugins/servlet/ac/io.tempo.jira/oauth-authorize/?client_id=ZnR9ZMttHIT6UmcNmcidbgk9rXz2EqHTTLx4h1f0&redirect_uri=http%3A%2F%2Flocalhost%3A*****%2Fsupport%2FtempoAuthorize
It will show the authorize window shown in the image, and can go to the step 2 (but I got a “Method Not Allowed” error).

I don’t know why, but if you need some code (or another thread), jus tell me.

I’d look into your redirect URL and the request handling of it on your end. The redirects are usually POSTs, so putting it into your browser will do a GET and you get Method Not Allowed.

It’s also very likely not JSON, it’s usually XML.

Mmmm, but even if I do a Get on my browser, it loads the authorize page, then the confirmation, then it redirects to one of my urls, and when I do the “POST: https://api.tempo.io/oauth/token/” with:

response = await client.PostAsync("", content);

Then I got the Method not allowed… But let me review that, because I sent it as JSON, and the guide tells that I must use “application/x-www-form-urlencoded” format.

What makes me crazy is that this code doesn’t load the Tempo app authorization page:

[code] public IActionResult TempoLogIn()
{
//https://{jira-cloud-instance-name}.atlassian.net/plugins/servlet/ac/io.tempo.jira/oauth-authorize/?client_id=$CLIENT_ID&redirect_uri=$REDIRECT_URI

        string tempoUrl = string.Format("https://{0}.atlassian.net/plugins/servlet/ac/io.tempo.jira/oauth-authorize/?client_id={1}&redirect_uri={2}",
                                        "mycompany",      //0: Instancia de Jira Cloud
                                        TempoService.client_id, //1: Client id (establecido en config de la APP en Tempo)
                                        Request.Scheme + "://" + Request.Host + Request.PathBase + "/support/tempoAuthorize" //2: redirect_uri
                                        //System.Web.HttpUtility.UrlEncode(Request.Scheme + "://" + Request.Host + Request.PathBase + "/support/tempoAuthorize") //2: redirect_uri
                                                                                                                                                                         );
        return new RedirectResult(tempoUrl, false);

    }[/code]

Still trying to connect to tempo.
I moved the TempoLogIn code to the view that call this controller method, in order to avoid the redirection, but still the blank page. Opening the developement tools on Chrome (F12) it seems that Tempo is trying to open some js.map files but it’s unable to do it, I got a lot of timeout messages and after a (long) wait, it displays an error and a message telling me that the error was reported to support.

Sorry if I insist with this, but we need to get it as soon as possible to continue developing this tool, we need it for other projects.

I double and triple checked, and my RedirectResult is calling the Tempo APP authorization page with a GET, instead a POST. I compared both calls, from my code and when I call it copy/pasting the URL in the navigation bar, and can’t find any differences.
I REALLY don’t know what’s wrong and what am I doing.

I found something interesting: if I let the page to load, and I mean about 15 minutes, sometimes it works, it shows me the Authorization page, but I don’t know why it takes soooooo long. As I said, it looks like it’s trying to load some files, but until it gets a 404 error, because timeout, to every single file it tries to load, it won’t load.
Sometimes, it shows only the upper Jira bar, and a message in the corner that says something like “loading error. Our team is aware of it and it’s working on it”.

Hello:
I’m still stuck with this. No matter what I do, when loading the tempo oauth-authorize page withing my web, it’s slow as a snail.
But, meanwhile, I’m trying to work on the next step. As I said, I can copy and paste the URL, so I can grab the authorization code from Visual Studio. Then I used Postman to check what’s the problem with “Method not allowed”.

I don’t get it, in the guide, it says that I must:

POST: https://api.tempo.io/oauth/token/

sending the following parameters using the “application/x-www-form-urlencoded” format:

grant_type = “authorization_code”
client_id = $CLIENT_ID
client_secret = $CLIENT_SECRET
redirect_uri = $REDIRECT_URI
code = $CODE

That’s what I put on Postman, and I still got a “Method Not Allowed” error. I tried PUT, and can’t try GET because I can’t add the codes to a body.
What is happening here?

I moved this URL:

To the view, so I put a button like this:

<a class="btn btn-primary" href=@Model.url>Conectar</a>

And still the same issue. What did I miss? Do I have to put another parameter? Should I add some environment option? Is there a problem with Visual Studio debugger?

Ok, I solved the first part:
In VS, the “compile and execute” button has a dropdown menu. One of the options is “script debugging”, so I put it to “disabled”, and now, it doesn’t reports warnings about js.map files, an loads (in less than 60 seconds, the expiration time for authorization code) the app authorization page.

I still can’t get the token with the authorization code. Nor with VS, nor with Postman.
I think that some of the values is wrong or misspelled, and “Method not allowed” is a wrong way to say “I don’t understand what are you sending to me”.

And I got the second part.

The problem was I was connecting to:
https://api.tempo.io/oauth/token
Instead of:
https://api.tempo.io/oauth/token/
That single / made the REST API redirect my request, giving a 301 status response, and making HttpClient to change POST to GET, and giving me all the troubles. With that, I can get the token.

1 Like