Wiki<>Confluence Connect App - Authenticate GitLab user in Confluence


How is Authentication implemented for Confluence Connect Apps?

Atlassian Connect authenticates apps with JSON Web Tokens (JWTs). At installation time the host product passes the app a security context containing a shared secret; both sides use that secret to sign and validate the JWTs carried on subsequent API calls. A correctly signed and validated JWT guarantees that:

  • The Atlassian product can verify it is talking to the app, and vice versa (authenticity).
  • None of the query parameters of the HTTP request, nor the path (excluding the context path), nor the HTTP method, were altered in transit (integrity). This property comes from the `qsh` (query string hash) claim, so it only holds if the receiver recomputes the hash from the request it actually received and compares it with the claim.

Here are instructions on setting up JWT Tokens for a Connect App.

How is Authorization implemented for Confluence Connect Apps?

Authentication and authorization rely on elements in the app descriptor:

  • In the app descriptor, declare that the app uses JWT as the authentication mechanism.
  • In the app descriptor, declare any scopes needed by the endpoints your app will access.
  • When the installation callback is called at app install time, the host product passes in a security context that your app uses to validate incoming requests and sign outgoing requests.
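The descriptor fragment below is an added illustration of the three points above, not the project's actual descriptor: the app key, name, base URL, callback path and module are hypothetical placeholders. It declares JWT authentication, the `installed` lifecycle callback that will receive the security context, and the scopes the app requests.

```json
{
  "key": "com.example.wiki-confluence-connect",
  "name": "Wiki<>Confluence Connect (example descriptor)",
  "baseUrl": "https://connect.example.com",
  "authentication": {
    "type": "jwt"
  },
  "lifecycle": {
    "installed": "/installed"
  },
  "scopes": [
    "READ",
    "WRITE"
  ],
  "modules": {
    "generalPages": [
      {
        "key": "wiki-sync-page",
        "url": "/wiki-sync",
        "name": {
          "value": "Wiki sync"
        }
      }
    ]
  }
}
```

Request only the scopes the app's endpoints actually need; the declared scopes are the ceiling on what any token issued to the app can do. The handler behind `/installed` must persist the received `sharedSecret` keyed by the host's `clientKey`, and a later callback for an already-known `clientKey` should be authenticated against the previously stored secret before that secret is replaced.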

How do we Implement Authentication and Authorization for our Atlassian Connect App?

Create JWT tokens

The Atlassian Connect client frameworks (for example, the Node.js framework) include tools for creating and validating JWT tokens.

Authorization

Authorization via scopes and app users: scopes are permissions declared in the app descriptor. The app also has its own app user, whose permissions are controlled by the site admin. The set of allowed actions is the intersection of the declared scopes and the permissions of the app user. This is the normal authorization method, which you should use unless you need to make server-to-server requests on behalf of a user.

For more information, visit this Atlassian Site.

/cc @jbroullon
