I am creating an Atlassian Connect with WebPanel module. I would like to do the below things, Is it possible? I attached the sequence diagram.
Use story:
Sequence diagram:
Thanks in advance.
If any user at all on the instance is allowed to access the token, have you considered app properties? https://developer.atlassian.com/cloud/jira/platform/storing-data-without-a-database/
@rmassaioli I appreciate your response but it is not good idea because I think we should not store sensitive data such as token to App Properties according to Storing data without a database.
App properties can be manipulated by a malicious authenticated user (e.g., by making REST calls through the developer console). For this reason:
- Don’t store user-specific data in app properties (particularly sensitive data).
Please correct me if I am wrong.
I think that the real question is:
If the answer is NO to both, then App properties should be fine for your use case. If it is Yes to either, then you’ll likely need to store the token in your backend service and call to it using another auth mechanism.
Sorry not to replay quickly. I was OOO.
I appreciate you summarize my question. There are exactly I would like to ask.
In my situation, both answer is NO so I will store the credential data in my backend.
First one is YES so I will store the credential data in my backend
Thanks again 
I’m confused. You said the answer to both was no but suggested to store in your back-end anyway.
