With the proper shipping of [JRACLOUD-30371] Allow cross-domain requests for CORS - Create and track feature requests for Atlassian products. the need to create a “product proxy” for the Jira 3LO APIs is no longer needed. The JIRA 3LO APIs as documented for access via “authorization code grants” (documentation here, https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/) this should work as intended.
If you find any issues with this please let us know and we will address them, but with things are working as expected with a sample application. Please note that there’s no support for the implicit grant flow yet, so client-side only apps will still need for that to be added.