OAuth2 Forge app providers

I am currently working on implementing OAuth2 for authentication with Tempo.
Following the documentation’s example for Google OAuth2 in the ‘providers’ section of the manifest.ym :

    - key: google
      name: Google
        - 'profile'
        - 'https://www.googleapis.com/auth/userinfo.email'
      type: oauth2
      clientId: EXAMPLE
        - google-apis
          remote: google-account
          path: /o/oauth2/v2/auth
          remote: google-oauth
          path: /token
          remote: google-oauth
          path: /revoke
          remote: google-apis
          path: /userinfo/v2/me
            id: id
            displayName: email
            avatarUrl: picture
  - key: google-apis
    baseUrl: https://www.googleapis.com
  - key: google-account
    baseUrl: https://accounts.google.com
  - key: google-oauth
    baseUrl: https://oauth2.googleapis.com

I’ve encountered a problem - the base URL to obtain an authorization code from Tempo includes a variable, ‘jira-cloud-instance-name,’ in the form:
How do i declare it in the manifest?
Thanks in advance.

1 Like

Hi @HachimKhaldi ,

I don’t believe its currently possible to alter the domain name of a remote, or make it variable, as the admin would need to approve egress data when installing an app.

1 Like

Can you please provide any alternative ?

Sorry, let me just double check some assumptions I have made here.

When the Tempo docs say {jira-cloud-instance-name} they are talking about the *.atlassian.net site URL that each instance of Jira Cloud has (set when you create a new site at Try Atlassian Products for Free | Atlassian).

Are you asking what the value should be for a particular tempo instance,
or are you asking how you can automatically fill that value out in the manifest based on where your app is installing, so it is portable?

If you are building an app for a specific installation of Tempo, you could just grab the cloud URL for that instance and include it in the manifest, but it would not be portable to other installations.

I want to automatically fill that value out in the manifest based on where the app is installed.

We faced this issue for multiple providers that requires a variable url to obtain an authorization code ( Tempo , ServiceNow… )

I hope we can fix it or at least have a workaround
Thank you

Unfortunately that is not something we support right now with external authentication.

I think it would be worth reporting this in the FRGE project - Dashboard - Ecosystem Jira

I found it interesting that Tempo have a stable URL for token exchange, but it was the browser URL that was variable, maybe they also have a stable URL for the authorization somehow?