I’m looking at building an application that helps monitor jira activity for customers. This requires customers to connect their Jira account, and information is pulled over the Rest API.
As I understand the docs, there are really two ways to do this: 1) Provide a username/password and use HTTP basic auth for all calls. [Insecure], or 2) Configure OAuth or OAuth2 through application links.
- Is the easiest to understand for users, and takes the least setup on the user side, whereas 2) requires generating and installing a shared keypair on both Jira and the external application.
My question is: Is there a better way? Other services that use OAuth don’t require a new OAuth configuration for each new connection, and it seems that there is functionality in the application links section that is undocumented [It tries to automatically connect to the service, and then presents an error, which OAuth users have to ignore]. Are we able to leverage another connection method to make the process less painful for each user connection?