
JiraConnect allows OAuth login

Problem

In #263509 (closed) we discovered that adding a namespace in the JiraConnect app does not work in some browsers. This is because those browsers block cross-site cookies, so users appear as not logged in.

Solution

copied from #284211 (comment 479318354)

Use a standard OAuth2 Authorization Code flow with the Connect app:

  1. User visits the Jira Cloud settings page.
  2. Frontend generates a code_verifier and stores it in local storage.
  3. Frontend generates an OAuth link including the code_challenge, with the Jira JWT plus the current path encoded as the state parameter.
  4. User clicks the sign-in button, which opens GitLab's OAuth page in a new tab.
  5. Backend uses the JWT and path from the state to redirect back to the Jira namespace page, with the authorization code appended, after login.
  6. Frontend uses the AP.getLocation API to read the code from the URL.
  7. Frontend requests an access token using the code from the URL and the code_verifier from local storage.

Here is the result of a pairing session @leipert, @tomquirk and @Andysoiron did to try this solution: https://www.youtube.com/watch?v=n7TrvSlBKbw

Andy's backend experiment: https://youtu.be/uGbXNM2JEi8

Edited by Libor Vanc