How to authenticate end-user in connect add-on accessed standalone?

I would like to let Jira Cloud users to use add-on without Jira. Add-on stand-alone will still read/write data in Jira on behalf of the user (act as user), but user has to be authenticated first.

Is it something that Atlassian Platform can help with? I.e. can add-on standalone use Atlassian Cloud Authentication?

Looks like add-on can ask user for Atlassian Cloud email/password and validate it with https://id.atlassian.com/id/rest/login. But is it appropriate?

And it would be even better if user could be authenticated at https://id.atlassian.com/login and redirected to add-on standalone page, similarly as it is done for Jira itself? It would support two-factor authentication and let users login with google too.

Note, authenticating user with Jira username and password at specific Jira /rest/auth/1/session could be sufficient.

removed

too, but it can be used with email/API token only, and not with Jira username/password anymore

Additionally, it would be nice to map authenticated user to JIRA Cloud instance where add-on is installed, to avoid need for typing in Jira Cloud instance/host name.

Could someone please advise anything?

2 Likes

I’m looking for a solution for this as well. I’d really prefer to not have my add-on ever ask for a password from the user. If the OAuth 2.0 authorization code flow was supported that would be sufficient. I know I can use OAuth 1.0a but that requires more set-up on the client than I want when an admin setting up my add-on to have to go through.

Really all I need is an easy way to have a user tell me their user ID in JIRA.

3LO (https://developer.atlassian.com/cloud/jira/platform/three-legged-oauth/ might be an answer, if standalone app can work disconnected from the connect add-on, or it might be possible to find 1:1 mapping to connect add-on settings basing on user authentication, e.g. by Jira cloud url.