How do you create 2-Legged Impersonating OAuth ApplicationLinks with Java API?

I’ve been using the MutatingApplicationLinkService for some time to programatically create ApplicationLinks in tests using Trusted authentication.

Along these lines:

ApplicationLink applicationLink = applicationLinkService.createApplicationLink(type, details);
applicationLinkService.createReciprocalLink(uri, null, username, password);
applicationLinkService.configureAuthenticationForApplicationLink(applicationLink, TRUSTED_COMMON_USERS, username, password);


AuthenticationScenario TRUSTED_COMMON_USERS = new AuthenticationScenario() {
        public boolean isCommonUserBase() {
            return true;

        public boolean isTrusted() {
            return true;

But now Trusted auth has been deprecated in favour of 2-legged oauth, so have the methods createReciprocalLink and configureAuthenticationForApplicationLink. Without any indication of what to replace them with.

I’ve tried experimenting by doing this instead on each App:

ApplicationLink applicationLink = applicationLinkService.createApplicationLink(type, details);

authenticationConfigurationManager.registerProvider(applicationLink.getId(), OAuthAuthenticationProvider.class, ImmutableMap.of());
authenticationConfigurationManager.registerProvider(applicationLink.getId(), TwoLeggedOAuthAuthenticationProvider.class, ImmutableMap.of());
authenticationConfigurationManager.registerProvider(applicationLink.getId(), TwoLeggedOAuthWithImpersonationAuthenticationProvider.class, ImmutableMap.of());

But that only sets up outbound auth on each app, it doesn’t permit inbound 2-legged impersonating oauth on the apps.

I can’t find any public API to enable this - the APIs used by the AppLinks plugin UI resources appear to use internal private APIs (com.atlassian.applinks.internal.status.oauth.OAuthStatusService#updateOAuthStatus).

Can anyone, or Atlassian even, shed light on how to accomplish this programmatically?

1 Like