Sharing of OAuth 2.0 (3LO) app does not show warning that the app has not yet been reviewed by Atlassian

NikosStergiou · June 9, 2022, 8:28am

I am implementing OAuth 2.0 (3LO) for apps using jira cloud and I have shared my oauth2 integration with other users (outside my organization), by sharing my app through the developer console.

I can read here,

Users trying to install an unapproved OAuth 2.0 integration are warned that the app has not yet been reviewed by Atlassian

However when I am trying to enable access to this oauth2 integration for another atlassian user (outside my organization), I get no such warning.

The question is, do I really need to get my app through a review and approval procedure or I can just share with other users without going through approval and without them getting a warning about the app not being approved?

Please note that I don’t want to list my app in the Atlassian marketplace and also I have declared that my app is not storing any personal data.

Thanks

ccurti · June 15, 2022, 6:39am

Hi @NikosStergiou,

You can share the app without going through the approval procedure. For 3LO apps, the listing is informational only with limited Marketplace features. It’s mainly used for other users and customers to find the app, but if you are in a position to share the installation/authorization link directly with them then there is no need to get a Marketplace approval.

Regarding the missing warning, I’ve raised this bug report: [FRGE-743] - Ecosystem Jira

Thanks,
Caterina

NikosStergiou · June 15, 2022, 9:18am

Thanks @ccurti

So, assuming that the bug is fixed, if I don’t wish my users to get the warning, in that case I do need to get my app approved (and listed in the marketplace). Is that correct?

ccurti · June 15, 2022, 9:31am

That’s correct @NikosStergiou.