We developed a SaaS product that is integrated with Jira and Slack via API and uses OAuth 2.0 authentification. In the current iteration, it’s required for the user to create an app Developer console
And it brings difficulties for our users because not all of them have the required permissions to create apps on their end.
We want to simplify this process. And it’s problematic for us to choose the right application type
As I understood the Forge type of application can’t be applied by us because our logic is already developed using PHP and we don’t need to change any UI to the Jira interface.
Welcome to the Atlassian developer community @Igor1,
Before I can answer your question, I think we would need some additional context. I’m specifically interested in why your SaaS product needs each user (or even each customer) to create an OAuth client in the developer console. The typical model for OAuth is that your SaaS product would be a single client with client id & secret managed by you, not your customers. The authorization code flow is the process by which your customers/users authorize your client to act on their behalf. Can you explain more why that isn’t possible?
thanks for your answer, your response confirmed our thoughts, so we are moving in the right direction.
So we are going to distribute our created app on the page Developer console and share it to users + implement Personal Data Reporting API
As I understood after these steps we will be able to publish it via Log in with Atlassian account by choosing “My app isn’t directly installable” type of application
And after this app will appear on the Jira marketplace
Am I correct?
Yes, I can confirm your outline. Sharing with users (we call it “distribution”) will let you reach far more users than with each creating their own client. And, yes, you can list such an app to provide additional information. It would not be installable directly from Marketplace but that’s appropriate for an OAuth app.
My response was intended as an open question, but if you found it insightful, I’m glad! The reason for my question is that anything that would force you to segment client ids the way you do now, could be a barrier for any other app models as well. In other words, my advice here is that if OAuth 2 doesn’t work for your app, the other app models will have similar problems.
In any case, I’m happy to hear you are going in the right direction.