This page last changed on Mar 09, 2011 by ggaskell.

The instructions on this page describe how to configure OAuth for outgoing authentication and/or incoming authentication for an application link.

OAuth is a protocol that allows a web application to share data/resources with any other OAuth-compliant external application. The external application could be another web application (such as a Confluence installation or an iGoogle home page), a desktop application or a mobile device application, provided that it is accessible from within your network or available on the Internet.

For example, you could set up an application link between JIRA and an iGoogle page using OAuth authentication. This would allow you to view data from your JIRA server in a JIRA gadget on the iGoogle page.

If you are setting up an application link between two applications that trust each other and do not share the same set of users, and both applications have the UAL plugin installed, you would typically configure OAuth for both outgoing authentication and incoming authentication. See Configuring Authentication for an Application Link for other configurations.

Key OAuth Terminology
  • Service provider — An application that shares ('provides') its resources.
  • Consumer — An application that accesses ('consumes') a service provider's resources.
  • User — An individual who has an account with the Service Provider.

For more information about OAuth, see Configuring OAuth as well as the OAuth specification.

Before You Begin

  • Adding an OAuth consumer requires the transmission of sensitive data. To prevent 'man-in-the-middle' attacks, it is recommended that you use SSL for your applications while configuring OAuth authentication.
  • Do not link to an application using OAuth authentication, unless you trust all code in the application to behave itself at all times. OAuth consumers are a potential security risk to the applications that they are linked to.
  • The instructions assume that both of the applications that you are linking have the Application Links plugin installed. If the remote application that you are linking to supports OAuth, but does not have the Application Links plugin installed, you will need to configure OAuth from within the remote application (see the relevant administrator's documentation for that application) in addition to configuring the outgoing/incoming authentication for the application link (as described below).
  • You must be a JIRA system administrator to configure OAuth authentication for an application link.

Configuring OAuth for Outgoing Authentication

Configuring outgoing OAuth authentication will allow JIRA to access specific functions and data on a remote application, on behalf of any registered user of that remote application.

To configure OAuth authentication for an outgoing application link:

  1. Log in as an administrator and navigate to the administration page. Click 'Application Links' in the administration menu. The 'Configure Application Links' page will be displayed, listing all of the application links that have currently been set up for your application.
  2. Click the 'Configure' link next to the application link that you want to configure OAuth authentication for.
  3. Click the 'Outgoing Authentication' tab. The outgoing authentication page will be displayed.
  4. Click the 'OAuth' tab.
  5. If you are not currently logged into the remote application (or you logged into the remote application under a variant of the application's hostname, e.g. the IP address), a login dialogue will display.
    • Enter the 'Username' and 'Password' for the remote server, not your local server, and click the 'Login' button. The remote server needs to learn the identity of your local server for the OAuth protocol to work and your admin credentials are used to store your local server's public key on the remote server. If you are already logged into your remote server, then the appropriate changes can be made without having to log in again.
  6. Click the 'Enable' button to enable OAuth authentication for the outgoing link. Your application will be automatically set up to be the 'consumer' and the remote application as a 'service provider'.
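
Why step 5 stores your local server's public key on the remote server, shown as an added example (not Atlassian's code and not part of the original page): the consumer signs each request with its private key, and the service provider checks the signature against the public key it stored for that consumer. The example assumes the RSA-SHA1 signature method from the OAuth 1.0 specification (RFC 5849); the consumer key, token, nonce and URL are constructed values.

```javascript
const crypto = require('crypto');
// RFC 3986 percent-encoding as OAuth 1.0 requires (RFC 5849, section 3.6).
const enc = (s) => encodeURIComponent(s)
  .replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Signature base string (RFC 5849, section 3.4.1): METHOD & base URL & sorted params.
function baseString(method, url, oauthParams) {
  const u = new URL(url);
  const normalized = [...u.searchParams.entries(), ...Object.entries(oauthParams)]
    .filter(([k]) => k !== 'oauth_signature')
    .map(([k, v]) => [enc(k), enc(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => `${k}=${v}`).join('&');
  return [method.toUpperCase(), enc(u.origin + u.pathname), enc(normalized)].join('&');
}

// Consumer side: sign with the private key that never leaves the local server.
function signRequest(method, url, oauthParams, privateKey) {
  const oauth_signature = crypto.createSign('RSA-SHA1')
    .update(baseString(method, url, oauthParams)).sign(privateKey, 'base64');
  return { ...oauthParams, oauth_signature };
}

// Service provider side: look up the public key stored for this consumer and verify.
function verifyRequest(method, url, signed, consumerKeys) {
  const publicKey = consumerKeys.get(signed.oauth_consumer_key);
  if (!publicKey || signed.oauth_signature_method !== 'RSA-SHA1') return false;
  return crypto.createVerify('RSA-SHA1')
    .update(baseString(method, url, signed))
    .verify(publicKey, signed.oauth_signature, 'base64');
}

// Constructed sample data: consumer key, token, nonce and URL are all hypothetical.
function demo() {
  const local = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const consumerKeys = new Map([['jira-local', local.publicKey]]); // saved when the link was enabled
  const params = { oauth_consumer_key: 'jira-local', oauth_token: 'constructed-token',
    oauth_signature_method: 'RSA-SHA1', oauth_timestamp: '1300000000',
    oauth_nonce: 'constructed-nonce', oauth_version: '1.0' };
  const url = 'https://remote.example.com/rest/demo?space=DOC';
  const signed = signRequest('GET', url, params, local.privateKey);
  return {
    genuine: verifyRequest('GET', url, signed, consumerKeys),
    tamperedUrl: verifyRequest('GET', url.replace('DOC', 'HR'), signed, consumerKeys),
    wrongKey: verifyRequest('GET', url, signRequest('GET', url, params, other.privateKey), consumerKeys),
  };
}
```

A service provider also rejects stale timestamps and reused nonces; that check is left out here to keep the focus on the key pair.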

Configuring OAuth for Incoming Authentication

Configuring incoming OAuth authentication will allow the remote application that you are linking to access specific functions and data in JIRA on behalf of any JIRA user.

To configure OAuth authentication for an incoming application link:

  1. Log in as an administrator and navigate to the administration page. Click 'Application Links' in the administration menu. The 'Configure Application Links' page will be displayed, listing all of the application links that have currently been set up for your application.
  2. Click the 'Configure' link next to the application link that you want to configure OAuth authentication for.
  3. Click the 'Incoming Authentication' tab. The incoming authentication page will be displayed.
  4. Click the 'OAuth' tab.
  5. Click the 'Enable' button to enable OAuth authentication for the incoming link. The remote application will be automatically set up to be the 'consumer' and your local application as a 'service provider'.

Related Topics

Configuring Basic HTTP Authentication for an Application Link
Configuring Trusted Apps Authentication for an Application Link

Document generated by Confluence on Mar 27, 2011 18:36