Oauth_callback not redirecting ressource owner's user agent

Dear Jira Team,

Our tool is internally deployed and not reachable from JIRA. We’d like to implement OAuth via Jira to connect it up.

If I set oauth_callback to “oob” the user has to copy the token.
If I omit oauth_callback, it says “You have successfully authorised ‘ConsumerID’. Please close this browser window and click continue in the client.” - but how does the client/consumer obtain the token?
If I set oauth_callback to anything else, I get “Unauthorized: Signature Invalid”.

But actually Jira should redirect the user’s browser to the URL defined in oauth_callback after the user approved.

https://tools.ietf.org/html/rfc5849
oauth_callback:
An absolute URI back to which the server will
redirect the resource owner when the Resource Owner
Authorization step (Section 2.2) is completed. If
the client is unable to receive callbacks or a
callback URI has been established via other means,
the parameter value MUST be set to “oob” (case
sensitive), to indicate an out-of-band
configuration.

Am I missing something here? If not, would it be possible to adhere to the RFC or add OAuth2.0 support?

Kind regards,
Jan

1 Like

@jan.schnitker Were you able to solve this problem? I run into the exact same one with JIRA Server 8.13.10.

@DennisSchridde,

If you are eager to get some input or help, I’d recommend opening a new post, if only because the OP was about Cloud, but also because the post is now 3 years old. In that time Jira Cloud does have an OAuth 2.0 option, which is not available on Jira Server.

Meanwhile, if you are asking about OAuth 1.0a, I’ll admit that is some very old code with few remaining experts, inside or outside of Atlassian. If you could bump to a newer version of Jira, maybe the new Personal Access Tokens would solve for your needs? In any case, additional context (in a new thread) about constraints for your needs would help the community provide better answers.

1 Like

Thank you. I created JIRA responds with "You have successfully authorised ‘ConsumerID’. Please close this browser window and click continue in the client." when setting oauth_callback=oob.