feat: Enable OAuth 3LO support #877
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
christianarty
force-pushed
the
add-oauth-type
branch
from
ec9c285 to
323089d
Compare
|
cc: @ankitpokhrel for visibility. It'll be great if this can be reviewed/merged soon, so folks that can only authenticate through |
…figureServerMeta`
… transport in the client
…er, rather than their own JIRA server
christianarty
force-pushed
the
add-oauth-type
branch
from
fa19335 to
0ebaa17
Compare
|
@ankitpokhrel Could you take a look at this PR when you get a chance? I think this is a nice feature add (and personally been using it for months now without hiccup) |
|
@christianarty Thanks for the PR! I'm currently away, I'll look into this in a few weeks. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
fixes #863
This PR allows for users to have another option (
oauth) when generating their JIRAconfig.ymlfor the Cloud installation.Details
This PR implements JIRA's 3LO OAuth solution for users to obtain a JIRA access token.
Each consumer of
jira-cliwill need to create a JIRA App with the specific scopes in order to connect it properly with their JIRA cloud instance.The oauth secret will be stored in the
.config/.jiradirectory, where the tokens will be automatically regenerated when it expires and the newly generated tokens will be cached to the oauth secret file.How to create a JIRA App properly:
See this discussion post here: #879 (comment)
Known Limitations/Issues
Note
This limitation has also been noted in the README under the
Known Issuessection.Ideally, for OAuth, we would have one single distributed app that can be installed in multiple different JIRA cloud instances. However, The 3LO doesn't support Proof Key for Code Exchange (PKCE). Without this support, we would have to share the single distrubuted app's client secret with all the consumers. See these links for more info:
As noted in the forum above, a workaround would be that each consumer has to create their own JIRA app and use that app's client ID and secret in the
jira-cliclient app.Testing Done
make deps install=> WORKS~/go/bin/jira issue create -tTask -s"TEST TICKET" -l"testing" --template ~/jira/task.tmpl -a$(~/go/bin/jira me)=> WORKS (created a ticket, and proper link)make test=> WORKSmake lint=> WORKSmake ci=> WORKS