Hey Forge community,
I’m excited to share some news with you! Recently my team has been working on a new Forge feature: External Auth. There has been some discussion about OAuth2.0 integrations, so we wanted to let you know what you can expect us to deliver by the end of the year.
What is it?
External Auth is a new feature that will let you authenticate an OAuth2.0 provider with minimal configuration.
This feature will:
- Connect your Forge apps to a 3rd party from multiple Atlassian products and share the auth between them seamlessly.
- Store service and account credentials in a secure, encrypted way which was verified with strict compliance procedures and rigorous security reviews.
- Fetch and refresh OAuth2.0 tokens automatically.
- Easily use OAuth tokens in requests from your Forge functions.
External Auth will support some popular service providers such as Google, Dropbox, Miro, Slack, GitHub, and Azure DevOps out of the box, and also has the ability for you to define fully custom OAuth2.0 Providers for any service that adheres to the OAuth2.0 protocol!
Note: for external providers this feature will only support the “Authorisation Code Flow”, and won’t support the “Client Credential Flow”. For more about OAuth2.0 flows visit: Which OAuth 2.0 Flow Should I Use?
Example use cases
- Creating Google Calendar entries from Confluence: External Auth will remove the need to manually handle the user’s OAuth tokens in your application code.
- GitHub pull request status from Jira: External Auth will remove the need to manually handle the user’s OAuth tokens in your application code.
Should we support more providers out of the box?
Let us know by completing this Google Form.
If there’s enough of an ask for providers we haven’t included yet, we’ll consider adding them to our “out of the box” supported list.
Have any questions, comments, or concerns? Let us know! Leave them below or reach out to me on:
Calendly: Nir Nikolaevsky - Book a call
That is great news!! I am very much looking forward to that feature.
One thing though: that Google Forms link is not public, could you please look into that?
Hi @Nir,
Can you comment on how this works together with the “login as User” admin feature?
Storing the credentials securely is a very nice addition and enables a lot of use-cases.
However, use-cases are immediately limited if the Jira Admin can use “Login as User” and then has access to this 3rd party information as well.
Imagine I want to build an app that shows my last used Office files and I can one-click upload them. It would be weird/concerning/security relevant if the Jira admin might get access to these files as well.
After all, he is only Jira Admin and not Office admin.
Thanks for that, there was a sneaky checkbox pre-ticked in the settings. Should work now.
Good question @andreas.schmidt, the team is now looking into the expected behaviour for an admin using “login as User”, will keep you posted.
Hey @andreas.schmidt, I can confirm that when an admin uses “Login as User” and logs in as another user, the app accesses the admin’s account instead of the user’s.
Hi @Nir, that is pretty good news. We’re working on the design of a Forge app and, as the application is new, we are considering implementing it full-on Forge to use most of the benefits of Forge Apps in comparison to Connected Apps or Connect-on-Forge. The problem is that we need to integrate OAuth2 (auth code flow) for a third party (Microsoft Azure), which currently seems not to be possible. You say External Auth is expected to be delivered by the end of the year, but I couldn’t find any documentation or information related to its release. Can you tell me a more accurate release date? In case this Forge functionality can already be used, do you have documentation?
Thanks in advance.
Hey @AntonioMansilla, I have some more good news for you! We just launched external authentication (good timing on the question), check out the blog post here, the CDAC announcement here, and the docs here.
Looking forward to seeing your app! If you have any questions, don’t hesitate to reach out.
Send an email: email@example.com
Book a call (Calendly): http://calendly.com/niratlassian