Can I implement oAuth 2.0 on Jira server?
Is it available developer panel on Jira server to add App and get CLIENT_ID and CLIENT_SECRET?
@MaksymShtatskyi welcome to the Atlassian developer community.
No. Jira Server and Data Center have OAuth but it is only version 1.0a, not 2.0. Admins can obtain the necessary secrets for the OAuth 1.0a flow through the application links screen. There is not a developer console, like there is for Cloud.
1 Like
Please feel free to watch, vote, and comment on this public issue:
https://jira.atlassian.com/browse/JRASERVER-43171
I don’t have any details that are not in that issue.
1 Like
Hi, I’m also confused about this. The documentation also says that OAuth2 isn’t available in Server. But we’re on Jira Server 8.20.1 as far as I can tell, and there is clearly a clearly an option to use OAuth 2.0 in our system administration menu, right at the very bottom, under Advanced.
This takes you to this screen to create third-party app integrations:
Is this different a different kind of use for Oauth2 than what is being referred to here and in the documentation? Or am I mistaken, and we’re actually on a Cloud install? Our Jira logo is the three triangles of Server, our web address doesn’t have Atlassian in it, and our latest upgrade report links to the release notes for Server here, but I don’t know if those indicators are actually still valid or if there is some other way at this point to determine the type of Jira install I’m looking at. I’m new to this.
Welcome to the Atlassian developer community @AlexSticco,
Yes, indeed that is confusing (and you are not mistaken, that is Jira Server). Technically, Jira Server 8.5.9 and above do support OAuth 2.0 but only as a consumer for email clients. When @MaksymShtatskyi asked about obtaining a client id and client secret, I assumed that was to use Jira Server as a provider for REST APIs. The issue linked above is still correct with regard to using REST APIs.
You can use Personal Access Tokens for REST API access. Or there are a number of Marketplace apps that can secure Jira (and the REST APIs) with different authentication (including OAuth 2).
Got it, thanks for the clarification!
@ibuchanan Any status of this feature ? We also have a similar requirement to implement OAuth2 for Jira Server ?
Actually, we are currently providing Jira integration with our product using OAuth2 for Jira Cloud BUT there is no support for OAuth2 for Jira servers. As far as what i found till now on the documentations. Just wanted to confirm the status.
@ibuchanan , the Application links UI in Jira Server 8.22.6 lets an administrator create an “incoming” link for an “External” application, which implies that third party applications can fire Rest API calls using OAuth 2.0. However your statement from early October 2022 that this is not supported was written after the release of Jira Server 8.22.6. I must have misunderstood something but I can’t work out what the disconnect is. Grateful for any clarification you can provide, please.
It seems like there is some confusion about application authorization with respect to the REST API, at least for me. As I tried to find out, there still is no support for external applications to authorize for REST API calls for Jira Server (Data Center) as per [JRASERVER-73893] (https://jira.atlassian.com/browse/JRASERVER-73893). The mentioned update in 8.22 and the incoming link are apparently authorization per user. Please correct me if I am wrong as I am also struggling with oauth2 in my external app.
There is somewhat of a workaround, but in my instance it’s not feasible Test Jira icoming Link