OAuth 2.0 token

Jira Development Jira Cloud
,
6

Now that you’ve linked to the docs, I had a quick look. Jira Spoke does apparently “speak OAuth”. I don’t think you should need to be messing around with OAuth 2 on the CLI. It certainly should not be needed by Jira Spoke. That said, maybe you’ll find some diagnostic value making sure that your app settings are valid, so I’ll share some tools here.

  1. Install oauth2c.
  2. Install jq.
  3. Install xh. Or, you can quickly switch xh for httpie, which is CLI compatible. If not, you might be able to change my script below to use good ole curl.
  4. Export shell variables for ATLASSIAN_APP_3LO_CLIENT_ID and ATLASSIAN_APP_3LO_CLIENT_SECRET.
  5. Put the following into an executable script. I called mine atlassian-oauth2.sh. Make sure it has execute permissions.
#!/usr/bin/env sh
SCOPES='offline_access read:me'
REFRESH_TOKEN=`jq --raw-output '.refresh_token' access_token_response.json`

if [[ -z "$REFRESH_TOKEN" ]]; then
    echo "Performing authorization code flow to obtain initial access token response"
    oauth2c https://auth.atlassian.com/ \
        --client-id "$ATLASSIAN_APP_3LO_CLIENT_ID" \
        --client-secret "$ATLASSIAN_APP_3LO_CLIENT_SECRET" \
        --response-types code \
        --response-mode query \
        --grant-type authorization_code \
        --auth-method client_secret_post \
        --scopes "$SCOPES" \
        --silent \
        > access_token_response.json
else
    echo "Performing refresh token flow to obtain a fresh access token response"
    oauth2c https://auth.atlassian.com/ \
        --client-id "$ATLASSIAN_APP_3LO_CLIENT_ID" \
        --client-secret "$ATLASSIAN_APP_3LO_CLIENT_SECRET" \
        --grant-type refresh_token \
        --auth-method client_secret_post \
        --refresh-token $REFRESH_TOKEN \
        --silent \
        > access_token_response.json
fi

ACCESS_TOKEN=`jq --raw-output '.access_token' access_token_response.json`
xh https://api.atlassian.com/me \
    --verbose \
    --auth-type bearer \
    --auth "$ACCESS_TOKEN"

The above should spit out some JSON about you (or whoever has granted access in the flow). The oauth2c command also has an interactive mode so you can also just type oauth2c and refer to some of the values above to see a little more information.