OAuth2 Streamlining

Hi,

I’m looking at building an application that helps monitor jira activity for customers. This requires customers to connect their Jira account, and information is pulled over the Rest API.

As I understand the docs, there are really two ways to do this: 1) Provide a username/password and use HTTP basic auth for all calls. [Insecure], or 2) Configure OAuth or OAuth2 through application links.

  1. Is the easiest to understand for users, and takes the least setup on the user side, whereas 2) requires generating and installing a shared keypair on both Jira and the external application.

My question is: Is there a better way? Other services that use OAuth don’t require a new OAuth configuration for each new connection, and it seems that there is functionality in the application links section that is undocumented [It tries to automatically connect to the service, and then presents an error, which OAuth users have to ignore]. Are we able to leverage another connection method to make the process less painful for each user connection?

1 Like