How to OAuth1.0 for JIRA Software Cloud for a DesktopApp

auth
jira-cloud
rest-api

#1

I am a bit lost in the documentation. Can someone help me here?

I am building a Desktop App (macOS, Swift, Alamofire, OAuthSwift) and want to authenticate with the REST API for my JIRA Server Cloud instance while implementing. And later to any instance of any user of the App, of course.

I did already implement OAuth 1.0a for the Trello REST API but the JIRA REST API docs are not clear to me.

Especially as there are multiple docs for various Product Variants and I have not found anything specifically about Desktop Apps (except for this: https://community.atlassian.com/t5/Jira-questions/Creating-application-link-to-be-used-for-desktop-client/qaq-p/292927) and also could not find the request-authorize-access-URLs anywhere. The sample code seemed to be only about Web-Web cases, too.

I assume the information is in the docs I have seen but I missed what is relevant to my case.

For the Trello OAuth1.0a authentication I used 5 pieces of information which were provided by a) my Trello Account Page (1+2) and b) the Trello REST API docs (3+4+5):

  1. Consumer-Key
  2. Consumer-Secret
  3. request-URL
  4. authorize-URL
  5. access-URL

These 5 are what I am using with the OAuth library to do the OAuth dance.

Question A) My impression is that I have to create 1+2 myself here. Is this correct?
Question B) Where do I get 3+4+5? Or does it work differently here? (But the OAuth-lib expects them?!)

Any help or pointers in the right direction would be much appreciated.
If I left out relevant information please let me know.


#2

This page documents how to do OAuth for REST APIs for JIRA Cloud. https://developer.atlassian.com/cloud/jira/platform/jira-rest-api-oauth-authentication/


#3

Thanks for the reply. I did see this page but the description there is confusing unless one knows OAuth already very well. Just one example: Configuring an Application Link requires the three URLs as input whereas I had expected them to be provided to me so I can use them as arguments when using the OAuth library (the way it works with Trello).

I will probably focus on working on the GitHub integration next and perhaps come back to look at a JIRA integration at a later time or just omit JIRA until a later update of the App.

Update: Actually I just got GitHub authentication working. JIRA's docs are really a tough cookie :(


#4

Hi @phlebotinum,

Apologies for the confusion, we’re continuously improving our documentation. If you could add feedback for the documentation and which part of it was confusing for you, then an issue will be created.

The way to integrate your external app with Jira is to use OAuth 1 and add an application link. The way I did the OAuth dance in my external NodeJs web app (I integrated with Jira Server but I think it should be the same process as cloud) is:

  1. Generated public and private keys
  2. Created application links
  3. I used an OAuth library and made a call to request a token:

```javascript
// Assumed: the "oauth" npm package, whose OAuth constructor matches this call.
var OAuth = require('oauth').OAuth;

// This runs inside an Express route handler, so req and res are in scope.
var oa = new OAuth('<jira-base-url>/plugins/servlet/oauth/request-token',
                   '<jira-base-url>/plugins/servlet/oauth/access-token',
                   consumerKey, // you entered this in step 1
                   privateKeyData, // private pem file
                   '1.0',
                   config.localBaseUrl + '/jira/callback', // jira calls this as a callback to return the token
                   'RSA-SHA1'
                  );

oa.getOAuthRequestToken(function(error, oauthToken, oauthTokenSecret) {
    if (error) {
        console.log(error.data);
        res.send('Error getting OAuth request token');
    } else {
        console.log(req.session);

        // The session now holds the whole client object, private key included.
        req.session.oa = oa;
        req.session.oauth_token = oauthToken;
        req.session.oauth_token_secret = oauthTokenSecret;
        // Send the user to Jira to approve the request token.
        return res.redirect('<jira-base-url>/plugins/servlet/oauth/authorize?oauth_token=' + oauthToken);
    }
});
```

  4. In my /jira/callback method, I process the access token as such:

```javascript
// Rebuild the client from the values saved in the session during step 3.
var oa = new OAuth(req.session.oa._requestUrl,
                   req.session.oa._accessUrl,
                   req.session.oa._consumerKey,
                   config.privateKeyData,
                   req.session.oa._version,
                   req.session.oa._authorize_callback,
                   req.session.oa._signatureMethod);
console.log(oa);

// Exchange the approved request token plus verifier for an access token.
oa.getOAuthAccessToken(
    req.session.oauth_token,
    req.session.oauth_token_secret,
    req.query.oauth_verifier, // Jira appends oauth_verifier to the callback URL
    function(error, oauth_access_token, oauth_access_token_secret, results2) {
        if (error) {
            console.log('error');
            console.log(error);
        } else {
            // store the access token in the session
            req.session.oauth_access_token = oauth_access_token;
            req.session.oauth_access_token_secret = oauth_access_token_secret;

            res.send({
                message: 'successfully authenticated.',
                access_token: oauth_access_token,
                secret: oauth_access_token_secret
            });
        }
    });
```

And I’ve successfully integrated with it and am able to call REST APIs. More information here: https://developer.atlassian.com/server/jira/platform/oauth/

If you own the cloud instance and you have the power to create an admin account, you can try using Basic Authentication to integrate, which should be less confusing for you.

What steps have you done, and which parts of the process are confusing to you?

Cheers,
Anne Calantog
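
What the OAuth library does with the private key in step 3, as an added example that is not part of the original post: it builds the OAuth 1.0a signature base string and signs it with RSA-SHA1, and the server checks that signature against the public key stored in the application link. The host name, consumer key, nonce and key pair below are constructed, and the URL is assumed to be already normalized with no query string.

```javascript
// Added example: OAuth 1.0a RSA-SHA1 signing (RFC 5849); all values are constructed.
const nodeCrypto = require('node:crypto');

// RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal.
function pct(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string: METHOD & encoded URL & encoded, sorted parameter list.
// Assumption: parameter names are unique, so sorting by name is sufficient.
function baseString(method, url, params) {
  const pairs = Object.entries(params)
    .map(([k, v]) => [pct(k), pct(v)])
    .sort((a, b) => (a[0] < b[0] ? -1 : a[0] > b[0] ? 1 : 0))
    .map(([k, v]) => `${k}=${v}`)
    .join('&');
  return [method.toUpperCase(), pct(url), pct(pairs)].join('&');
}

// The consumer signs with its private key; there is no shared secret.
function signRequest(method, url, params, privateKey) {
  const data = Buffer.from(baseString(method, url, params));
  return nodeCrypto.sign('sha1', data, privateKey).toString('base64');
}

// The server side of the check, using the public key from the application link.
function verifyRequest(method, url, params, signatureB64, publicKey) {
  const data = Buffer.from(baseString(method, url, params));
  return nodeCrypto.verify('sha1', data, publicKey, Buffer.from(signatureB64, 'base64'));
}

// Sign a constructed request-token call, then verify it intact and tampered.
function demo() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 }); // throwaway pair
  const url = 'https://jira.example.test/plugins/servlet/oauth/request-token';
  const params = {
    oauth_consumer_key: 'demo-key', oauth_signature_method: 'RSA-SHA1',
    oauth_timestamp: '1700000000', oauth_nonce: 'constructed-nonce',
    oauth_version: '1.0', oauth_callback: 'http://localhost:3000/jira/callback',
  };
  const sig = signRequest('POST', url, params, privateKey);
  const changed = { ...params, oauth_callback: 'http://other.example.test/cb' };
  return { valid: verifyRequest('POST', url, params, sig, publicKey),
           tampered: verifyRequest('POST', url, changed, sig, publicKey) };
}
console.log(demo());
```

Because `oauth_callback` is part of the signed parameters, changing it after signing makes verification fail.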


#5

Hello Anne,

Many thanks for your very thoughtful and helpful answer.

Your example code was very helpful to me as it contains the 3 URLs for .../request-token, access-token and .../authorize. I am also using an OAuth library. Googling the JIRA docs for these URLs I also found jira-rest-api-example-oauth-authentication.

Right now I am stuck at this error message below which refers to the OAuth1.0a standard and sounds like callback-URIs with custom schemes are just not possible.

Trello does allow the callback-URI to have a custom scheme (Trello REST API doc about Authorization). There I can use de.appcandy.LearnRESTful2.oauth://oauth-callback/trello which is essential to handle the callback in a desktop app.

So right now the current question is:
Q: How can the OAuth Flow for JIRA be implemented for a desktop app?

?: Is there a way to get the custom scheme with this current approach accepted?
?: Is a different approach required to be able to support an Auth Flow from a desktop app?
?: Something else …?

error: requestError[Error Domain=NSURLErrorDomain Code=400 "HTTP Status 400: Bad Request, 
Response: oauth_problem=parameter_rejected&oauth_parameters_rejected=oauth_callback&oauth_problem_advice=As per OAuth spec version 1.0 Revision A Section 6.1 <http://oauth.net/core/1.0a#auth_step1>, the oauth_callback parameter is required and must be either a valid, absolute URI using the http or https scheme, or 'oob' if the callback has been established out of band.

The following invalid URI was supplied
'de.appcandy.LearnRESTful2.oauth://oauth-callback/jira'"
<...snip...>

Cheers and Thanks
Boris
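
The rule quoted in the error text above (absolute http/https URI, or 'oob'), as an added example that is not part of the original post: a check for the callback value, plus a one-shot loopback listener a desktop app could use in place of a custom scheme. It assumes the server accepts a loopback http URL as the callback, which the thread does not confirm; the path, function names and token values are hypothetical.

```javascript
// Added example; names and sample values are constructed, not from the thread.
const nodeHttp = require('node:http');
const CALLBACK_PATH = '/oauth-callback/jira'; // hypothetical path

// Mirror the rule in the error text: absolute http/https URI, or 'oob'.
function isAcceptableCallback(cb) {
  if (cb === 'oob') return true;
  try {
    const u = new URL(cb);
    return u.protocol === 'http:' || u.protocol === 'https:';
  } catch {
    return false; // not an absolute URI
  }
}

// Return oauth_verifier only when the request hits the expected path and
// carries the request token this app instance is waiting for.
function verifierFromCallback(requestUrl, expectedToken) {
  const u = new URL(requestUrl, 'http://127.0.0.1');
  if (u.pathname !== CALLBACK_PATH) return null;
  const token = u.searchParams.get('oauth_token');
  const verifier = u.searchParams.get('oauth_verifier');
  if (!token || !verifier || token !== expectedToken) return null;
  return verifier;
}

// One-shot listener bound to loopback only, on an ephemeral port. The URL is
// needed before the request token exists, so the token is supplied later.
function startCallbackListener() {
  let expected = null;
  let deliver;
  const verifier = new Promise((resolve) => { deliver = resolve; });
  const server = nodeHttp.createServer((req, res) => {
    const v = expected ? verifierFromCallback(req.url, expected) : null;
    res.writeHead(v ? 200 : 400, { 'Content-Type': 'text/plain' });
    res.end(v ? 'Authorized. You can return to the app.' : 'Unexpected request.');
    if (v) { server.close(); deliver(v); } // stop listening after the first match
  });
  const callbackUrl = new Promise((resolve, reject) => {
    server.once('error', reject);
    server.listen(0, '127.0.0.1', () =>
      resolve(`http://127.0.0.1:${server.address().port}${CALLBACK_PATH}`));
  });
  return { callbackUrl, verifier, expectToken: (t) => { expected = t; } };
}
```

The app awaits `callbackUrl`, sends it as `oauth_callback` in the request-token call, passes the returned request token to `expectToken`, and then awaits `verifier`.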


#6

Hi All,

I found this discussion useful. I am a Java developer but I tried the Node JS approach to authorize my app with Jira.
Now I am able to connect and authorize with Jira through my app.
I found there were a few changes to be done in the code when I used the latest versions of the libraries used.

@acalantog, It would be very useful if you also mention the versions of the libraries used in developing the node JS code.

Thanks and Regards,
Aditya