We are trying to integrate a third-party tool (BMC) with Jira Cloud. We need to create an issue in Jira when a ticket is created in BMC. We have successfully implemented this using Basic Auth by calling the Jira Create Issue API.
But our security team insists on a more secure authorization like OAuth.
However, Jira Cloud supports only the ‘Code Grant Type’ and not the ‘Implicit Grant Flow’. I went through the documentation in detail, and below are the options I could find and think of.

1. By creating an OAuth app in the Developer console (‘OAuth 2.0 authorization code grants (3LO)’), we would get a confirmation screen (PFA) where the user manually has to provide consent. Unfortunately this will not work for us. We need a machine-to-machine integration, without human intervention.
2. Creating a Forge app and using the ‘web-trigger’ module to expose an API endpoint.
   With this approach BMC has to send the issue payload to the web trigger endpoint in the Forge app, which in turn has to send it to the Jira API.
   However, I read that the ‘web-trigger’ module does not have any authentication and we have to take care of that part ourselves. Is that correct?
3. Build a Connect app:
   I could not find any module with which I can expose an API endpoint in a Connect app that I can call from BMC. Is there one available?
   Even with an endpoint, will OAuth be applicable for the BMC to Connect app integration? I think OAuth is applicable for the Connect app to Jira integration by default.
As you mentioned for option 2, the web-trigger module does not have any authentication. This is a feature request that hasn’t been roadmapped just yet, which you can follow or express interest in here: [FRGE-47] - Ecosystem Jira
For option 3, I have a couple of follow-up questions. Would it be an acceptable approach for you to use JWT tokens in Connect (Security for Connect apps)? You will be able to call the Jira API as the app this way. It is easier if you use a framework like ACE or ACSB for this. Are you using a framework or something custom?
Yes… For Option 3, I am okay with any secure way of authentication. We haven’t started building the solution yet. We are still investigating which path to follow…
So any pointers in this regard would be much appreciated…
My integration would be as below:
Third-party tool <-> Connect App <-(JWT)-> Jira Cloud
With a Connect app, JWT auth is applicable “between the app and the Atlassian host product”, correct? How about the integration between the third-party tool and the Connect app side?
Also, is there a way I can expose an API endpoint in the Connect app, so that it can be triggered from the third-party tool?
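
Added example, not part of the thread and not Atlassian or BMC code: because the web trigger endpoint discussed above has no built-in authentication, one way for the receiving app to authenticate the third-party tool is an HMAC over a timestamp and the raw body, keyed with a shared secret. The header names, the request shape (header values as arrays keyed by lower-case name) and all function names are assumptions made for illustration.

```javascript
// Added example: authenticate the caller of an otherwise unauthenticated
// HTTP endpoint with HMAC-SHA256 over "timestamp.body". Names are hypothetical.
const crypto = require('crypto');

const MAX_SKEW_SECONDS = 300; // reject stale or replayed requests

// Sender side: what the third-party tool computes before calling the endpoint.
function sign(secret, timestamp, body) {
  return crypto.createHmac('sha256', secret)
    .update(`${timestamp}.${body}`)
    .digest('hex');
}

// Assumption: header values arrive as arrays keyed by lower-case header name.
function header(request, name) {
  const value = (request.headers || {})[name];
  return Array.isArray(value) ? value[0] : value;
}

// Receiver side: returns an HTTP-style response object.
function handleRequest(request, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const timestamp = header(request, 'x-timestamp');
  const signature = header(request, 'x-signature');
  if (!timestamp || !signature || !/^\d+$/.test(timestamp)) {
    return { statusCode: 401, body: 'missing credentials' };
  }
  if (Math.abs(nowSeconds - Number(timestamp)) > MAX_SKEW_SECONDS) {
    return { statusCode: 401, body: 'stale request' };
  }
  const expected = Buffer.from(sign(secret, timestamp, request.body || ''), 'hex');
  const supplied = Buffer.from(signature, 'hex');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (supplied.length !== expected.length ||
      !crypto.timingSafeEqual(supplied, expected)) {
    return { statusCode: 401, body: 'bad signature' };
  }
  // Only after verification: parse the payload and call the Jira create-issue API.
  return { statusCode: 200, body: 'accepted' };
}
```

The signature covers the raw body string, so verification has to run before any JSON parsing or re-serialisation, and the shared secret belongs in the app's secret storage rather than in source.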