Hello,
I am tinkering around oauth2 flow to have per user access to Jira Cloud. From what I read here - https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/ - scopes in authorization url must be delimited by space (%20).
However, when I define an app in the developer console, the authorization URL is generated with comma (%3A) delimited scopes.
And in my tests it works well with a comma and not with a space. In RFC 6749 the OAuth 2.0 authorisation framework defines the scope syntax as simple opaque space-delimited strings.
Does this mean that Atlassian Cloud oauth2 access is against RFC in this context? Should I make my framework of choice use comma-delimited scopes in the URL?
Regards,
Piotr
Hi @piotr.bojko,
I think you’re referring to the generated URL in the Authorization page in https://developer.atlassian.com/.
%3A is : (colon) not comma. So in my Confluence example I have scope=read%3Aconfluence-content.summary%20read%3Aconfluence-space.summary which using a URL decoder is scope=read:confluence-content.summary read:confluence-space.summary.
I set up an example using Spring Boot with OAuth2 in Spring Security and the scopes are defined as
scope: offline_access, read:me, read:confluence-content.summary, read:confluence-space.summary
and Spring will convert this to the correct URL with a single space (%20) between scopes.
Can you check when you run your app and it builds the URL and sends you to https://auth.atlassian.com/authorize, what does the scope section look like?
Regards,
James.
1 Like
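An added example, not part of the original thread: a small Python check that percent-decodes the scope parameter of an authorization URL and splits it the way RFC 6749 section 3.3 defines it (space-delimited scope-tokens), so %3A shows up as a colon inside one scope and a comma-joined value shows up as a single token. The function name and the sample URLs (including the client_id placeholder) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# RFC 6749 section 3.3: scope = scope-token *( SP scope-token )
# scope-token = 1*( %x21 / %x23-5B / %x5D-7E )  (comma and colon are both legal inside a token)
SCOPE_TOKEN = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")


def inspect_scopes(authorize_url):
    """Return (scopes, warnings) for the scope parameter of an authorization URL."""
    query = urlsplit(authorize_url).query
    values = parse_qs(query, keep_blank_values=True).get("scope", [])
    if len(values) != 1:
        return [], [f"expected exactly one scope parameter, found {len(values)}"]
    raw = values[0]  # already percent-decoded: %3A -> ':', %20 or '+' -> ' '
    scopes, warnings = [], []
    for token in raw.split(" "):
        if token == "":
            warnings.append("empty token (leading, trailing or doubled space)")
        elif not SCOPE_TOKEN.fullmatch(token):
            warnings.append(f"{token!r} has characters outside scope-token")
        else:
            if "," in token:
                warnings.append(f"{token!r} contains a comma: one token, not a list")
            scopes.append(token)
    return scopes, warnings


# Constructed sample URLs; CLIENT_ID_PLACEHOLDER is not a real client id.
BASE = "https://auth.atlassian.com/authorize?client_id=CLIENT_ID_PLACEHOLDER&response_type=code"
SPACE_URL = BASE + "&scope=read%3Aconfluence-content.summary%20read%3Aconfluence-space.summary"
SINGLE_URL = BASE + "&scope=read%3Ajira-user"
COMMA_URL = BASE + "&scope=read%3Ajira-user%2Cread%3Ame"

if __name__ == "__main__":
    for url in (SPACE_URL, SINGLE_URL, COMMA_URL):
        scopes, warnings = inspect_scopes(url)
        print(scopes, warnings)
```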
Yeah!!!
I have just one scope “read:jira-user” not two scopes “read jira-user”.
I have totally misfired my deduction!
Thanks!!!
1 Like