Which authentication method is best suited to slack bot app? (3LO apps seem to be beta?)

I’m developing a bot to fetch some data from JIRA.
Firstly this is not built into the JIRA UI so from what I can tell this excludes JIRA Connect? (Although it doesnt explicitly say JIRA connect is ONLY for UI plugins / apps…?)

Then the recommendation says:

If you are building an integration that doesn’t use Connect, we recommend that you use OAuth 2.0 authorization code grants (3LO) for apps over other authentication methods, such as basic authentication and OAuth 1.0a.

So I have been building OAuth 2.0 3LO flow but I can’t get it to work. When the user triggers a data command, my app redirects the user to the endpoint auth.atlassian.com/authorize?audience=api.atlassian.com&client_id={my-app-id}&scope=read%3Ajira-work&redirect_uri={callbackurl}&state={mystate}&response_type=code&prompt=consent with fields filled in.

When the user clicks on this it seems to redirect to auth,atlassian,com/login?xxx which then redirects to api,atlassian,com/oauth2/authorize/consent?xxxx and then I get a ‘Something went wrong’ page.

It’s not redirecting to my callback endpoint.

My first thought was I was using a different user account to the app owner account, and I can see on my app dashboard that ‘the app is not public’ and ‘apps are in beta…’ so maybe this isn’t the recommended method right now? Do I just need to make the app public by emailing the service desk?

If 3LO apps are still in beta why is it the recommended method? Am I missing something?

Should I be using OAuth 1.0 flow instead?
All I want to do is for users to connect their JIRA account with their slack account and be able to fetch some JIRA data from slack without having to log in all the time.

Thanks
Mike

1 Like

Hi @AfterShok,

3LO is still labelled Beta because it does not yet have some functionality like webhooks. But for an app that just needs to make API calls it should be just fine. If you wish to make your 3LO app work for users other than the developer account, then it must be enabled by submitting a Service Desk ticket: https://ecosystem.atlassian.net/servicedesk/customer/portal/14/group/66/create/274