We are trying to integrate a third-party tool (BMC) with Jira Cloud. We need to create an issue in Jira when a ticket is created in BMC. We are successful in implementing this using Basic Auth by calling the Jira Create Issue API.
But our security team insists on a more secure authorization like OAuth.
However, Jira Cloud supports only the ‘Code Grant Type’ and not the ‘Implicit Grant Flow’. I went through the documentation in detail, and below are the options I could find and think of.
1. By creating an OAuth app in the Developer console (‘OAuth 2.0 authorization code grants (3LO)’), we would get a confirmation screen (PFA) where the user manually has to provide consent. Unfortunately this will not work for us. We need a machine-to-machine integration, without human intervention.
2. Creating a Forge App and using the ‘web-trigger’ module to expose an API endpoint.
With this approach BMC has to send the issue payload to the web trigger endpoint in the Forge app, which in turn has to send it to the Jira API.
However, I read that the ‘web-trigger’ module does not have any authentication and we have to take care of that part ourselves. Is that correct?
3. Build a Connect App:
I could not find any module with which I can expose an API endpoint in a Connect App that I can call from BMC. Is there one available?
Even with an endpoint, will OAuth be applicable for the BMC to Connect app integration? I think OAuth is applicable for the Connect App to Jira integration by default.
As you mentioned for option 2, the web-trigger module does not have any authentication. This is a feature request that hasn’t been roadmapped just yet, which you can follow or express interest in here: [FRGE-47] - Ecosystem Jira
For option 3, I have a couple of follow-up questions. Would it be an acceptable approach for you to use JWT tokens in Connect (Security for Connect apps)? You will be able to call the Jira API as the app this way. It is easier if you use a framework like ACE or ACSB for this. Are you using a framework or something custom?
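
To make the Connect JWT option in the reply above concrete, here is an added example (not code from the thread or from Atlassian) of how a Connect app signs an HS256 JWT, including the query string hash (`qsh`) that binds the token to one method, path and query. The app key, shared secret and 180-second lifetime are constructed sample values; frameworks such as ACE or ACSB do this signing for you.

```javascript
// Added example: build the JWT a Connect app sends when calling Jira as the app.
const crypto = require('crypto');

// Unpadded URL-safe base64, as used for JWT segments.
const b64url = (data) => Buffer.from(data).toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');

// RFC 3986 percent-encoding, which the qsh canonical form requires.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Canonical request: METHOD&path&sorted-query (the "jwt" parameter is excluded).
function canonicalRequest(method, path, query = {}) {
  const pairs = Object.keys(query)
    .filter((k) => k !== 'jwt')
    .map((k) => `${enc(k)}=${[].concat(query[k]).map(enc).sort().join(',')}`)
    .sort();
  return `${method.toUpperCase()}&${path || '/'}&${pairs.join('&')}`;
}

function signConnectJwt({ appKey, sharedSecret, method, path, query, now = Date.now() }) {
  const iat = Math.floor(now / 1000);
  const qsh = crypto.createHash('sha256')
    .update(canonicalRequest(method, path, query)).digest('hex');
  const header = b64url(JSON.stringify({ typ: 'JWT', alg: 'HS256' }));
  // Short lifetime (assumed 180 s): a captured token expires quickly and,
  // through qsh, cannot be replayed against a different endpoint or query.
  const payload = b64url(JSON.stringify({ iss: appKey, iat, exp: iat + 180, qsh }));
  const sig = b64url(crypto.createHmac('sha256', sharedSecret)
    .update(`${header}.${payload}`).digest());
  return `${header}.${payload}.${sig}`;
}

// Constructed sample values. In a real app the shared secret is the one Jira
// delivers in the "installed" lifecycle callback; store it per tenant.
const token = signConnectJwt({
  appKey: 'com.example.bmc-bridge',
  sharedSecret: 'constructed-secret-for-illustration',
  method: 'POST',
  path: '/rest/api/3/issue',
});
console.log('Authorization: JWT ' + token);
```

The token is sent in the `Authorization` header with the `JWT` scheme; how BMC authenticates to the app's own endpoint is a separate control that still has to be designed.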