OAuth 2.0 (3LO) with specified JIRA instance

oauth
oauth2
rest-api

#1

We are trying to integrate JIRA Cloud into our product.
Our customers are working with multiple personal accounts in our product.

They should be able to connect our product with their JIRA Cloud instance.
One person at a customer can link an entity in our application with a JIRA Cloud instance.

If another user tries to view the details of this entity but has not previously granted permission to JIRA, he will be asked to grant permissions.

At the moment he will be greeted with a list of JIRA Cloud instances he can select from. But we need access to a specific instance. When the user selects the wrong Cloud instance, we have unnecessary permission to that instance and have to force him to repeat the process until he selects the right one.

Is it possible to request permissions for a specific JIRA Cloud instance without allowing the user to select another one and only to allow him to “agree” or “disagree”?


#2

Hello @jakobjarosch I will look into this for you and try to help where I can.


#3

@jakobjarosch So the authenticated user could grab the data and send it to anyone they want, however they want. For example, Slack can connect to Jira and have data display in a conversation that other users could see that have not authed into the Jira Cloud instance. I am trying to understand the use case more. Could you elaborate?


#4

@scallahan We have a portfolio management software where the user can link a project to a group of JIRA issues. Inside our application we then display the issues. So every user who wants to view the linked issues must authorize us to access the JIRA.

We want to do this user-based, not once per customer, otherwise an unauthorized user could see issues from JIRA.


#5

So when a user clicks on an issue in your application, does it take them to the Jira issue inside Jira, forcing them to auth? Or does it show them an in-product view of the Jira issue? If it is the latter, you can show the data within your app and display it to all your users, but if you want them to open Jira they will need to auth.


#6

@scallahan
We are displaying the JIRA issues inside our application. But we do not want to display this to every user, but only to those who gave us the permission to access JIRA.
We will store the OAuth tokens per user and not per JIRA.

So if user A does the OAuth sign-in he will see the issues inside our application. If user B does not do the OAuth sign-in he will see an “authorize access to JIRA” button.

When user B clicks the button he can give us access to JIRA. And in this case we want him to give us access to a specific JIRA, not a random one he chooses from the list of JIRAs he has access to.

Is it clearer now?


#7

@scallahan any updates on this? :slight_smile:


#8

@jakobjarosch No update yet unfortunately, but we’re aware that this is causing trouble for some integrations and are looking into getting this solved.

May I ask if you would personally prefer account-wide grants over the feature of ‘pre-selecting’ a site?


#9

@sreuter In our case we would prefer preselecting (or even disabling the selection). This is because we already know the JIRA system we want access to when redirecting the user for granting us access.
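
The check the thread implies an integration has to run after consent, since the site cannot be pre-selected: confirm that the grant covers the expected site before storing the user's token. This is an added example, not code from any poster or from Atlassian. It assumes the parsed JSON list returned by the OAuth 2.0 (3LO) accessible-resources call (fields `id`, `url`, `scopes`); the function names and sample data are hypothetical and constructed.

```python
from urllib.parse import urlsplit


class WrongSiteGranted(Exception):
    """Consent was given, but not (or not sufficiently) for the linked site."""


def _site_key(url):
    # Compare sites by lower-cased host only; ignore scheme, path, trailing slash.
    parts = urlsplit(url if "//" in url else "https://" + url)
    return (parts.hostname or "").lower()


def check_grant(resources, expected_site_url, required_scopes):
    """Return (cloud_id, extra_site_urls) for the expected site.

    resources: parsed accessible-resources list fetched with the user's new
    access token. extra_site_urls lists sites the user granted that the
    integration does not need, so the caller can avoid ever calling them.
    """
    expected = _site_key(expected_site_url)
    match, extra = None, []
    for res in resources:
        if _site_key(res.get("url", "")) == expected:
            match = res
        else:
            extra.append(res.get("url", ""))
    if match is None:
        # Wrong site picked: do not persist the token, ask the user again.
        raise WrongSiteGranted(f"no grant for {expected}; granted: {extra}")
    missing = set(required_scopes) - set(match.get("scopes", []))
    if missing:
        raise WrongSiteGranted(f"{expected} lacks scopes: {sorted(missing)}")
    return match["id"], extra


# Constructed sample response: the user granted two sites, one of them unneeded.
SAMPLE_RESOURCES = [
    {"id": "11111111-aaaa-4bbb-8ccc-000000000001",
     "url": "https://portfolio-demo.atlassian.net",
     "scopes": ["read:jira-work"]},
    {"id": "22222222-aaaa-4bbb-8ccc-000000000002",
     "url": "https://other-demo.atlassian.net",
     "scopes": ["read:jira-work"]},
]

if __name__ == "__main__":
    print(check_grant(SAMPLE_RESOURCES, "https://Portfolio-Demo.atlassian.net/",
                      ["read:jira-work"]))
```
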