Creating a Custom OAuth Application
Creating a Custom OAuth Application
If you do not have access to the user name and API token or do not wish to require them, you can use OAuth authentication. Jira uses the OAuth authentication standard, which requires the authenticating user to interact with Jira via the browser. The provider facilitates the OAuth exchange in various ways, as described in this section.
NOTE: Jira Cloud supports OAuth 2.0 only.
CData embeds OAuth Application Credentials with CData branding that can be used when connecting via a desktop application or headless application.
You may choose to use your own OAuth Application Credentials when you want to
- control branding of the Authentication Dialog
- control the redirect URI that the application redirects the user to after the user authenticates
- customize the permissions that you are requesting from the user
Procedure
To obtain the OAuth client credentials, consumer key, and consumer secret:- Log in to your Jira Cloud site.
- Navigate to application management at https://developer.atlassian.com/apps/ (not your OAuth credentials at yoursitename.atlassian.net/secure/admin/oauth-credentials, which is for self-hosted tools.)
- Select Create new app, then name the application. This creates the application.
- If missing, add OAuth 2.0 functionality to your application by navigating to APIS AND FEATURES > + Add > Add OAuth 2.0 (3LO).
- From APIS AND FEATURES > + Add, add the Jira platform REST API to your application .
- From APIS AND FEATURES > + Jira platform REST API, add the desired scopes to your application .
- You'll additionally need to set up your Callback URL. Navigate to APIS AND FEATURES > OAuth 2.0 (3LO). Enter a URL that is accessible to your application and save the changes.
Desktop Applications
After setting the following connection properties, you are ready to connect:
- OAuthClientId: Set to the consumer key in your application details.
- OAuthClientSecret: Set to the consumer secret in your application details.
- CallbackURL: Set to the callback URL found in your application details under APIS AND FEATURES > OAuth 2.0 (3LO).
- InitiateOAuth: Set to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken connection property.
- OAuthVersion: Set to 2.0.
- Url: The URL to your Jira endpoint; for example, https://yoursitename.atlassian.net.
When you connect, the provider opens the OAuth endpoint in your default browser. Log in and grant permissions to the application. The provider then completes the following OAuth process:
- Gets the callback URL and sets the access token and oauthserverurl to authenticate requests.
- Saves OAuth values in OAuthSettingsLocation. These values persist across connections.
- Exchanges the returned refresh token for a new, valid access token.
Web Applications
To obtain the access token, set the following connection properties:
- OAuthClientId: Set to the consumer key in your application details.
- OAuthClientSecret: Set to the consumer secret in your application details.
- CallbackURL: Set to the callback URL in your application details under APIS AND FEATURES > OAuth 2.0 (3LO).
- Url: The URL to your Jira endpoint; for example, https://yoursitename.atlassian.net.
- OAuthVersion: Set to 2.0.
When connecting via a web application, or if the provider is not authorized to open a browser window, you need to exchange temporary verification values for the access token:
- Call GetOAuthAuthorizationURL. The stored procedure returns the URL to the OAuth endpoint.
- Log in and authorize the application. You are redirected back to the callback URL. If you set the GrantType parameter to Implicit, the callbackURL contains the OAuthAccessToken and oauthserverurl in a query string parameter. If you set the GrantType parameter to code, the callback URL contains the verifier code in the query string parameter named "code". Extract the verifier code and call GetOAuthAccessToken.
To connect to data, set the following connection properties:
- OAuthAccessToken
- OAuthVersion
- OAuthClientId
- OAuthClientSecret
- OAuthAccessToken
- Url