OAuth2/3LO - general feedback and support thread

Hey everybody!

We’d love to take the opportunity and gather everyone’s feedback and current successes/pain-points with the new 3LO integration that already landed in Jira, and will soon be available in Jira Service Desk as well as other products.

There’s a list of things that we’re still actively working through, to list a few:

That being said, please don’t hesitate to provide any feedback on anything mentioned in this list already as well, as we’d love to hear your thoughts in terms of the “how” and urgency from your side.

For those who already went live, awesome! Please share your success stories & learnings as well.

We’d really love to hear about all the things and help you get going as fast as possible.

Thank you.


I am not able to get it to grant me a token after I send the post with my code as referenced here: OAuth2 3LO Unable to exchange code for access token

Is anyone using this API? Step 1 in the oauth document flow works to get the code. Step 2 Exchange the Auth code for an access token fails every time for me with access_denied.

@haskovec Thanks for reaching out! I just replied on your thread, there was an extra colon in the payload. We’ll take this as great feedback for providing better error messages. Let us know how you go from here!


Hi, any update on this Support for Jira Software? adding 3LO support for Jira Software rest api would simplify a lot of things

1 Like

OAuth2 seemed to be a compelling alternative to our legacy integration via HTTP Basic, so we went down this path, but it turned out to be a frustrating waste of time for us since Jira Software APIs are not (“yet”) supported. The beginning of this thread indicated that support was being “actively worked” as of almost a year ago now – can you give an update on when/whether we should expect this capability?

The API is working pretty great so far for our small app. The review process for publishing it live has the status “Triage” for almost two weeks though… how long will this approximately take, please?

Hi @sreuter,

Can I ask you for help in my OAuth related thread? I believe this can be treated as a feedback to the documentation :wink:

Here is the thread I mentioned:

Hi there,
We have several suggestions for areas where the current implementation can be improved for better DX and app management:

  1. First things first, you’ve already mentioned this but the fact there is not streamlined procedure to publish the app has to be addressed. We currently have filed a review request which has gone unanswered during the last two weeks so at least acknowledging and giving some kind of timescale for the review process would improve this ordeal greatly.
  2. Allow apps to be shared before being submitted for review. Currently apps which are not published can’t be used by users even within the same org. Allow apps to be shared with some warning in the consent string to allow faster G2M times and development ease.
  3. Apps are managed by an individual account. This goes against business continuity measures everywhere. Apps should be possible to collaborate on with a shared ownership model so that having the owner of the app leave your org won’t be of any issue.
  4. Apps should have account level flavor. Currently apps are associated on a user level access, some use cases require “Account level” access which isn’t associated with a specific user and shouldn’t be revoked if a certain user changed their password. These apps could only be authed by users with administrative permissions in the account and from then on should be handled as service accounts.

If you would like to dive deeper into any one of those items, I’d be happy to.
Thank you.

1 Like