JIRA OAuth API Auth

ThijsLecomte · February 24, 2021, 7:18pm

Hi all

I am currently trying to integrate a third party application to JIRA.
This application will create issues within JIRA Service Management - Cloud.

I am using the JIRA API with Basic Auth right now, but I want to switch Oauth Authentication.
But I am utterly confused by the documentation on which Auth to use and how.
Seems that there are two ways:
OAuth for REST APIs - https://developer.atlassian.com/cloud/jira/platform/jira-rest-api-oauth-authentication/
OAuth 2.0 (3LO) apps - https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/

For the use case I have, so a backend application creating issues in JIRA, which should I use?

I want it to run as an application, so I would assume it’s 2LO, but are there any examples available to do this?

Thank you in advance.

Kind regards
Thijs

ibuchanan · February 24, 2021, 9:15pm

@ThijsLecomte I see you cross-posted after @bentley clarified.

I strongly recommend OAuth 2.0 (3LO) apps - https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/

The other is OAuth 1.0a. It is difficult to configure and use. Frankly, it’s not well documented because it’s more a “legacy” option that grew up in the world of on-premise Server. “That way leads to madness.”

Both are “act as user” not “act as system”, so neither provides the exact match to what you want. But OAuth 2.0 is typically better than basic auth because OAuth clients have “scopes” that will help your app only have the level of access that it requires, not the overly-broad access you have as a user.