Problem Statement
I’m building a Jira Forge Custom UI app that loads a BI report using a ticket-based authentication system. The ticket must be passed as a query param to the report URL inside an <iframe>.
However, I’m running into a significant limitation:
Constraints I Cannot Violate
- I cannot use localStorage or sessionStorage (browser storage is restricted).
- I cannot use Forge storage API (storage.set, properties, etc.).
- I cannot use OAuth 2.0 — my backend software doesn’t support it.
I do receive a ticket via backend logic, but I need to preserve it during the session.
The Core Challenge
I need to securely pass the ticket to the View component every time the user navigates to the app, without re-authenticating or regenerating a new ticket each time.
But since I can’t persist it via local/session storage, context, or Forge APIs — how can I temporarily retain this ticket during the app’s lifecycle?
Currently, the app re-renders every time I switch between Edit and View, which wipes any in-memory variables. So I lose the ticket unless I go through the login logic again — which I want to avoid to save load time and avoid hitting auth limits.
What I’m Looking For
- Are there any state-preserving methods within Forge Custom UI apps that don’t rely on storage APIs?
- Can I pass the ticket securely through component navigation (Edit → View)?
- Is there a design pattern or architectural change that would help me achieve session-level ticket persistence under these constraints?
Any ideas or alternative designs would be extremely helpful.