Dear Jira Team,
Our tool is internally deployed and not reachable from JIRA. We’d like to implement OAuth via Jira to connect it up.
If I set oauth_callback to “oob” the user has to copy the token.
If I omit oauth_callback, it says “You have successfully authorised ‘ConsumerID’. Please close this browser window and click continue in the client.” - but how does the client/consumer obtain the token?
If I set oauth_callback to anything else, I get “Unauthorized: Signature Invalid”.
But actually Jira should redirect the user’s browser to the URL defined in oauth_callback after the user approved.
https://tools.ietf.org/html/rfc5849
oauth_callback:
An absolute URI back to which the server will redirect the resource owner when the Resource Owner Authorization step (Section 2.2) is completed. If the client is unable to receive callbacks or a callback URI has been established via other means, the parameter value MUST be set to “oob” (case sensitive), to indicate an out-of-band configuration.
Am I missing something here? If not, would it be possible to adhere to the RFC or add OAuth2.0 support?
Kind regards,
Jan
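
Added example, not part of the original post and not Jira's code: under RFC 5849 section 3.4.1 the oauth_callback value is one of the parameters covered by the signature base string, so a verifier rejects a request whose callback was added or changed after signing. The host, secret, callback URL, nonce and timestamp are constructed sample values, and HMAC-SHA1 is an assumption chosen to keep the example stdlib-only; the post does not say which signature method is in use or what caused its error.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value: str) -> str:
    """RFC 5849 section 3.6 percent-encoding: only unreserved characters stay as-is."""
    return quote(value, safe="-._~")

def signature_base_string(method: str, base_uri: str, params: dict) -> str:
    """RFC 5849 section 3.4.1. Assumes base_uri is already normalized and has no query."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join((method.upper(), pct(base_uri), pct(normalized)))

def hmac_sha1_signature(base: str, consumer_secret: str, token_secret: str = "") -> str:
    """RFC 5849 section 3.4.2 (assumed method; the token secret is empty at this step)."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def server_accepts(method: str, base_uri: str, received: dict, consumer_secret: str) -> bool:
    """Verifier side: rebuild the base string from the parameters actually received."""
    expected = hmac_sha1_signature(
        signature_base_string(method, base_uri, received), consumer_secret)
    return hmac.compare_digest(expected, received.get("oauth_signature", ""))

# Constructed sample values, not taken from the post.
URI = "https://jira.example.com/request-token"
SECRET = "constructed-consumer-secret"
CALLBACK = "http://tool.internal.example:8080/oauth/done?state=1"
BASE_PARAMS = {
    "oauth_consumer_key": "ConsumerID",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1700000000",
    "oauth_nonce": "n0nce",
}

def signed_request(callback_signed: bool) -> dict:
    """Build the request parameters; optionally add the callback only after signing."""
    to_sign = dict(BASE_PARAMS)
    if callback_signed:
        to_sign["oauth_callback"] = CALLBACK
    sig = hmac_sha1_signature(signature_base_string("POST", URI, to_sign), SECRET)
    return dict(BASE_PARAMS, oauth_callback=CALLBACK, oauth_signature=sig)
```

Inside the base string the callback ends up percent-encoded twice (once as a parameter value, once when the normalized parameter string is encoded), which is a common place for client and server to disagree.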