OAuth 3LO Flow with ASP.NET Core

Hi there!

We are trying to integrate 3LO OAuth with our app by following your docs here: https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/

Unfortunately we only get an error when we try to send our request to:
auth.atlassian .com/authorize?.. saying that we should contact support. Instead we would expect a consent screen.

We try to get the following scopes:
read:jira-user read:servicedesk-request read:jira-work
but no combination worked so far. Not even view:userprofile
If we omit the scopes it says we did not request any scopes.

More detail:

  1. Request from browser:
auth.atlassian .com/authorize
?client_id=0Yef
&response_type=code
&redirect_uri=https%3A%2F%2Flocalhost%3A5001%2Fsignin-atlassian
&protocol=oauth2
&scope=view%3Auserprofile
&_csrf=q82UqE...
&_intstate=deprecated
&state=g6Fo2S...
&connection=oidc-session-bridge
&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOC4xMi4yIn0%3D
  2. In return we get a 302 redirect
id.atlassian .com/oidc/oauth/authorize?response_type=code&redirect_uri=https%3A%2F%2Fauth.atlassian.com%2Flogin%2Fcallback&state=....&client_id=RP6...
  3. The browser makes the redirect
auth.atlassian .com/login/callback?code=3c47863b...&state=ncBdCS...
  4. In return we get a 302 and the browser makes the call:
api.atlassian .com/oauth2/authorize/consent?state=g6Fo2S...

Boom, here we only get an error page…

We are ready to share our code with you. It’s C# ASP.NET Core 2.2.

Thanks!
David

Hi,

We will need to investigate this further. Could you please raise a ticket at the Developer Service Desk portal and provide all the details, including your authorisation URL?

Thanks.

@DavidKeller,

In your first auth.atlassian.com URL, you are missing the audience=api.atlassian.com and prompt=consent query parameters. We have a stricter implementation of OAuth 2.0 than most libraries; nonetheless, these query params are required.

If this resolves your issue, we’ll raise this with the 3LO team to have a more informative error message.
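
One way to attach the two parameters named in the reply above when the flow is driven by ASP.NET Core's generic OAuth handler. This is an added example, not code from the thread: the scheme name "Atlassian", the configuration keys and the extension-method name are assumptions, and the token endpoint comes from Atlassian's 3LO documentation rather than from this page.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.AspNetCore.WebUtilities;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class AtlassianAuthExtensions // hypothetical helper name
{
    public static IServiceCollection AddAtlassian3lo(
        this IServiceCollection services, IConfiguration config)
    {
        services.AddAuthentication(o =>
            {
                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                o.DefaultChallengeScheme = "Atlassian"; // assumed scheme name
            })
            .AddCookie()
            .AddOAuth("Atlassian", o =>
            {
                // Assumed config keys; keep the secret out of source control.
                o.ClientId = config["Atlassian:ClientId"];
                o.ClientSecret = config["Atlassian:ClientSecret"];
                o.CallbackPath = "/signin-atlassian"; // matches redirect_uri in the thread
                o.AuthorizationEndpoint = "https://auth.atlassian.com/authorize";
                o.TokenEndpoint = "https://auth.atlassian.com/oauth/token";
                o.Scope.Add("read:jira-user");
                o.Scope.Add("read:jira-work");
                o.Events = new OAuthEvents
                {
                    // The handler has already built the URL with client_id, scope,
                    // redirect_uri and a protected state value; append the two
                    // extra parameters before the browser is redirected.
                    OnRedirectToAuthorizationEndpoint = ctx =>
                    {
                        var url = QueryHelpers.AddQueryString(ctx.RedirectUri,
                            new Dictionary<string, string>
                            {
                                ["audience"] = "api.atlassian.com",
                                ["prompt"] = "consent"
                            });
                        ctx.Response.Redirect(url);
                        return Task.CompletedTask;
                    }
                };
            });
        return services;
    }
}
```

The handler generates `state` itself and checks it against a correlation cookie on the callback, so the application does not need to build or validate that value by hand.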

Hi @mventnor and @aagrawal2

Thanks for your inputs. I have adjusted the first call as requested and added the two params like:

https://auth.atlassian.com/authorize
?client_id=0YefZV548...
&response_type=code
&redirect_uri=https%3A%2F%2Flocalhost%3A5001%2Fsignin-atlassian
&protocol=oauth2
&scope=view%3Auserprofile
&audience=api.atlassian.com        <------------------
&prompt=consent                          <------------------
&_csrf=jTH82sNZ-O81o3WkTslBedjSJNQWdxDZJEvo
&_intstate=deprecated
&state=g6Fo2S...
&connection=oidc-session-bridge
&auth0Client=eyJuYW...

Unfortunately I get the same (general) error at the end of the flow.
Never mind, I publish the further steps again, just for investigation:

In return to the first call above I get a 302:

https://id.atlassian.com/oidc/oauth/authorize
?prompt=consent
&response_type=code
&redirect_uri=https%3A%2F%2Fauth.atlassian.com%2Flogin%2Fcallback
&state=SzQFqXgRaeOI170JlU-dSMRG_bkYPfyl
&client_id=RP6Qe...

Where I get another 302 with the code:

https://auth.atlassian.com/login/callback
?code=7afc....
&state=SzQFqXgRaeOI170JlU-dSMRG_bkYPfyl

From where I get another redirect:

https://api.atlassian.com/oauth2/authorize/consent
?state=g6Fo2SB3UWt6d1owQkRqQkM3bWtVZnhnYmY3QTFKWGRxakxyU6N0aWTZIDFvbEFTWS1NbnJwV0M0Tkg3M3gxR2RLTXYwR3ctaEtho2NpZNkgMFllZlpWNTQ4Y3N0MmxmN3BmaVMybzRwc3lPam84VHY

Which leads to a 200, but the webpage shows the error page.
A few ajax calls to api.segment.io/v1/p, /t and /i all return success: true

Should I still open a ticket at Service Desk portal?

Thanks,
David

Hi @DavidKeller,

Thanks for sharing the details. I would recommend that you open a ticket at the portal with all this info.

Thanks - we’re opening a ticket.