OAuth2 token without user interaction


Currently I’m building a self-hosted backend application that performs calls to Jira Cloud. I created my app in the developer console and I am able to get the access token using client_id and client_secret. The problems begin when I try to get my cloudId. Constantly I receive an empty array as a response (200 OK). I tried with scopes, but cannot find the right configuration.

What is the right way to implement OAuth2 authorization that doesn’t require any user interaction? My application works as backend service, so there is no real user that can be redirected to login page. The official documentation describes only flow that requires the user interaction to get an authorization code.


Hi @blazejbrzezniak ,

Due to the nature of OAuth 2, it’s not possible to get authorization without user interaction (the user needs to grant your scopes). Would it be feasible for you to create a Forge app as a kind of connector, and ask site admins to install it?

Hi @mventnor,

thank you for your response.

I think that a Forge app is not suitable for our needs. Do we have other authorization options besides BasicAuth? Our app is hosted on a server outside the Atlassian environment, so sending username and password in the header is not the best option.

Hi @blazejbrzezniak ,

Rather than the password, ask the user to generate an API token here: Atlassian account

and send that as Basic Auth in place of the password. The user can easily revoke a token in case something goes wrong. This will hopefully meet your needs without the concerns of storing the user’s password.

@mventnor Thank you very much. If the token works with Jira REST API it is the solution we can use.

You can use it with the Jira REST API, with the same permissions as the user account. If the user isn’t an admin, you can’t call admin REST APIs.