Where should org-level Oauth2 3LO apps be created?

JordanGlassman · August 14, 2019, 12:42pm

Orgs can create vendor pages for distributing apps on the marketplace and manage users using the Contacts feature, ie. https://developer.atlassian.com/platform/marketplace/#associate-your-account-with-a-vendor-profile

However, for Oauth2 3LO, I can only find ways to create “apps” associated with my personal account here Log in with Atlassian account

Obviously it’s important for my org to be able to access this data to update urls, secrets, etc., independently of my personal account.

Per [ACJIRA-1588] - Ecosystem Jira and the docs here, I understand that Oauth2 3LO is still in beta.

Will coming out of beta include the ability for orgs to manage these apps, similar to the marketplace apps? Is there a way to do this currently?

rwhitbeck · February 4, 2020, 4:28pm

Hey @JordanGlassman, does this section of the docs not help answer this question?

JordanGlassman · February 4, 2020, 4:43pm

Thanks for the reply @rwhitbeck.

I’m asking about something different. The Oauth apps I’ve created for my organization’s app are viewable by me, and only me, here: Log in with Atlassian account

But what if I leave the company? What if I want to delete my Atlassian account? How can other members of my organization get access to those app configurations?

rwhitbeck · February 4, 2020, 8:38pm

Ah ok, I understand your question now. I think currently this is a known issue that hasn’t been solved yet.

I’ll ask the team in Sydney if there is anymore of an update to this and / or plans to move it forward.

dmorrow · February 4, 2020, 10:21pm

Hi @JordanGlassman,

As per OAuth 2.0 (3LO) for apps guide, “Listing a OAuth 2.0 (3LO) app on the Atlassian Marketplace is currently not supported”. However, you can create a “dummy app” in the Atlassian Marketplace in order to market your app. To do this:

Visit https://marketplace.atlassian.com/.
Click your avatar at the top right and select “Publish a new app”.
Within the form for “Upload your app”, select the “My app isn’t directly installable“.
Continue providing your app details…

Regarding the ability for multiple users to manage OAuth 2.0 3LO apps, currently this is not supported and there is no estimate for when this will be available.

Regards,

Dugald

JordanGlassman · February 5, 2020, 3:45pm

Thanks @dmorrow.

Regarding the ability for multiple users to manage OAuth 2.0 3LO apps, currently this is not supported

So if for some reason my personal Atlassian account will no longer be accessible, someone in my organization will need to recreate the Oauth apps under their personal Atlassian account, and get them re-approved at the Developer Service Desk, and all client ids and secrets will also need to be updated everywhere.

As an alternative, would it be possible to manually transfer these apps to someone else’s account via a request created at the Developer Service Desk?

dmorrow · February 6, 2020, 1:43am

Hi @JordanGlassman,

It is possible to re-assign the ownership of an app, but you would have to create a Developer Service Desk ticket to trigger us. Our backlog contains a project to provide team ownership of apps, but it has not been scheduled yet.

Regards,
Dugald