Jira 3-legged OAuth 2.0 prerequisites
Introduction
This page covers the prerequisites and steps for configuring the Jira connector to use 3-legged OAuth 2.0 (3LO) authentication with a private application configured in the Management Console App Registrations page.
Private applications are 3-legged OAuth applications that you configure for the Jira instance and then register in the Management Console App Registrations page with these values from the 3-legged OAuth application:
- Client ID and client secret
- Scopes
- Authorization URL
- Access token URL
- Refresh token URL
Note
When using the cloud application (Jitterbit App), an app registration is not required.
Configure the Jira OAuth application
Prior to registering an OAuth application in the Management Console App Registrations, you must create the OAuth application for the Jira instance.
For information on configuring a 3-legged OAuth application, see the following documentation (depending on your instance type):
- Jira Cloud
- Jira Server and Jira Data Center version 9.17
- Jira Server and Jira Data Center version 9.12
- Jira Server and Jira Data Center version 9.4
- Jira Server and Jira Data Center version 8.22
Callback URL
When configuring your OAuth application in Jira, ensure the Callback URL is set to one of the following URLs (depending on your organization's region):
| Region | URL |
|---|---|
| APAC | https://apps.apac-southeast.jitterbit.com/design-studio/api/v1/oauth/authcode |
| EMEA | https://apps.emea-west.jitterbit.com/design-studio/api/v1/oauth/authcode |
| NA | https://apps.na-east.jitterbit.com/design-studio/api/v1/oauth/authcode |
Roles
At a minimum, these roles must be assigned to the OAuth application to allow access to all connector activities:
manage:jira-configurationread:jira-userread:jira-workread:permission:jirawrite:jira-work
In addition to the above roles, Jira Server and Jira Data Center instances require the offline_access role.
Instructions
These are the instructions for obtaining the required values for the app registration:
-
Configure a 3-legged OAuth application for the Jira instance.
-
Navigate to your 3LO application in the Jira Developer Console's My Apps page.
-
To obtain the app registration's Client ID and Client Secret, navigate to Authentication Details in Settings and obtain the Client ID and Secret values.
-
To obtain the app registration's Scope, navigate to the Permissions page and obtain the scopes used for the application. In the app registration's configuration, enter each of the 3LO application's scopes in its code format, for example,
read:me. -
To obtain the app registration's Authentication URL, navigate to User identity API authorization URL from the Authorization page under Authorization URL generator.
-
Set the app registration's Access token URL as
https://auth.atlassian.com/oauth/token. -
Set the app registration's Refresh token URL as
https://auth.atlassian.com/oauth/token.
Once the 3-legged OAuth application is registered on the App Registrations page it is available to be selected in the OAuth Application menu under Private Applications in the Jira connection.