Oauth 2.0 based REST API apps distribution

Jira Development Jira Cloud
, , , ,
#1

I’m currently working on JIRA app based on Oauth 2.0 (3LO). It’s currently “in development”. Is it possible for me to share full access to this app (e.g. configurations) with collaborators on my team? E.g. we all want to be able to update callback URLs, add Atlassian APIs and allowed scopes on the app dashboard.

More generally, being able to share admin access to an app will be useful even after distribution. E.g. one developer should not have sole access to production app configurations.

Any advice on best practices?

Thanks in advance!

#2

Hi @JackieTung,

At this stage, only one user can manage OAuth 2.0 (3LO) apps within the app management section of the developer site: developer.atlassian.com/apps/.

We are aware of the need for apps to be managements by multiple people within an organisation, but we are yet to implement this.

Also note that it is not possible to transfer the ownership of an app from one account to another.

For the moment, you will need to pick a single account to manage each app from.

Regards,
Dugald

#3

Thanks for the quick and clear response here. Some follow up questions.

Do you have any guidance on best practices for the time being? For example, should we create a common account (like “app-owner@airtable.com”, or “it@airtable.com”) and share credentials among ourselves? My concern of using a real user is: what if I create the app, and then leave my company at some point?

1 Like
#4

Hi @JackieTung,

We don’t have any official best practices, but I believe a strategy such as using a shared account seems like a good compromise, especially if you pass it by your corporate security team and ensure you follow their recommended practices such as sharing the password using secure means and changing the password on a periodic basis and/or when one of your team members leaves your organisation.

Regards,
Dugald

#5

any updates on this issue?

#6

Welcome to the Atlassian developer community @HarendraChhekur,

Multi-User App Ownership is currently listed on the Forge Roadmap for FY22Q4. For anyone who is not an Atlassian that means Q2 2022.

#7