JiraConnect allows OAuth login
Problem
In #263509 (closed) we discovered that adding a namespace in the JiraConnect app does not work in some browsers. This is because those browsers block cross-site cookies, so users appear as not logged in.
Solution
copied from #284211 (comment 479318354)
Use a normal OAuth2 authorization code flow with the connect app:
- User visits Jira-Cloud settings page
- Frontend generates a code_verifier and stores it in local storage.
- Frontend generates an OAuth link including the code_challenge and Jira JWT + current path as state.
- User clicks the sign-in button which redirects to GitLab's OAuth page in a new tab.
- Backend uses the JWT and path from state to redirect back to the Jira namespace, with added code after login.
- Frontend uses the AP.getLocation API in order to get the code from the URL.
- Frontend requests an access token using the code from the URL and code_verifier from local storage.
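The frontend side of the steps above, as an added sketch that is not GitLab's own code: it derives the code_challenge from the code_verifier (RFC 7636, S256), builds the authorization link, and later builds the token request from the returned location. The host, client ID, redirect URI, the Map standing in for local storage and the base64url-JSON encoding of state are assumptions.

```javascript
// Added example: Node.js stand-in for the browser frontend (CommonJS).
const { randomBytes, createHash } = require('node:crypto');

// Constructed values, not taken from the original issue.
const GITLAB = 'https://gitlab.example.com';
const CLIENT_ID = 'example-client-id';
const REDIRECT_URI = `${GITLAB}/example/oauth_callback`;
// Stand-in for window.localStorage so the sketch runs outside a browser.
const storage = new Map();

// RFC 7636 S256: challenge = BASE64URL(SHA-256(ASCII(verifier))).
function challengeFor(verifier) {
  return createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Link generation: the verifier stays local, only its hash goes into the URL.
function buildAuthorizeUrl(jiraJwt, currentPath) {
  const verifier = randomBytes(32).toString('base64url'); // 43 characters
  storage.set('code_verifier', verifier);
  // Assumed encoding: JWT and path packed as base64url JSON.
  const state = Buffer.from(JSON.stringify({ jwt: jiraJwt, path: currentPath })).toString('base64url');
  const url = new URL('/oauth/authorize', GITLAB);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    code_challenge: challengeFor(verifier),
    code_challenge_method: 'S256',
    state,
  }).toString();
  return url.toString();
}

// Token request: `location` is the string AP.getLocation passes to its
// callback. The verifier is removed from storage so it is used only once.
function buildTokenRequest(location) {
  const code = new URL(location).searchParams.get('code');
  const verifier = storage.get('code_verifier');
  if (!code || !verifier) throw new Error('missing code or code_verifier');
  storage.delete('code_verifier');
  return new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    code,
    code_verifier: verifier,
  });
}
```

The returned body would be sent as a form-encoded POST to GitLab's `/oauth/token` endpoint.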
Here is the result of a pairing session @leipert, @tomquirk and @Andysoiron did to try this solution: https://www.youtube.com/watch?v=n7TrvSlBKbw
Andy's backend experiment: https://youtu.be/uGbXNM2JEi8
Edited by Libor Vanc