I’m stuck trying to set up OAuth 2.0 for multiple users in Jira Software. I’ve created a project, got the authorization URL, and can get access and refresh tokens. But I can’t figure out how to authorize different users like I can with Google services.
I’ve dealt with a similar issue when implementing OAuth 2.0 for Jira in our company’s project management system. The key is to understand that Atlassian’s OAuth 2.0 implementation is user-centric, not app-centric like Google’s.
For multiple users, you need to go through the authorization flow for each user separately. Store the access and refresh tokens associated with each user’s account in your database. When making API calls, use the appropriate user’s tokens.
In your code, I’d suggest adding a user identifier to your token storage logic:
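_tokens = {}  # in-memory stand-in for your database table
def store_tokens(user_id, access_token, refresh_token):
    # Store tokens in your database, associated with user_id
    _tokens[user_id] = (access_token, refresh_token)

def get_user_tokens(user_id):
    # Retrieve tokens for the specified user from your database
    return _tokens.get(user_id)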
This way, you can manage multiple users with a single client ID and secret. Just remember to handle token refreshing for each user when their access token expires. It’s a bit more complex than Google’s approach, but it offers better security and user management for Atlassian products.
Hey mate, I’ve done this before. You need to store tokens for each user separately. Like, create a table in your DB with user_id, access_token, and refresh_token columns. Then when a user logs in, grab their tokens from the DB and use those for API calls. Don’t forget to refresh tokens when they expire too!
Having implemented OAuth 2.0 for Jira in several projects, I can confirm that managing multiple users requires a different approach than with Google services. The key is to maintain separate token sets for each user.
In your implementation, consider creating a user-token mapping in your database. Each time a user goes through the authorization flow, store their tokens with a unique identifier. When making API calls, retrieve the appropriate tokens for that user.
Also, don’t forget to implement token refresh logic. Jira access tokens expire, so you’ll need to use the refresh token to obtain new ones periodically. This process should be transparent to the user.
Lastly, ensure you’re handling errors properly, especially for cases where tokens become invalid or users revoke access. Proper error handling will greatly improve the robustness of your OAuth implementation.
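The per-user storage, refresh and revoked-access handling described in the answers above, as an added example that is not code from any of the posters. `UserTokenStore`, `RefreshRejected`, `ReauthorizationRequired` and `fake_refresh` are hypothetical names, and `fake_refresh` is a constructed stand-in for the HTTP call to the provider's token endpoint; the dict stands in for a database table.

```python
import time

class ReauthorizationRequired(Exception):
    """No usable tokens for this user; they must go through the flow again."""

class RefreshRejected(Exception):
    """Raised by the refresh callable when the provider refuses the token."""

class UserTokenStore:
    def __init__(self, refresh_fn, clock=time.time, skew=60):
        self._rows = {}              # stand-in for a DB table keyed by user_id
        self._refresh_fn = refresh_fn
        self._clock = clock
        self._skew = skew            # refresh slightly before the real expiry

    def store_tokens(self, user_id, access_token, refresh_token, expires_in):
        self._rows[user_id] = {
            "access_token": access_token,
            "refresh_token": refresh_token,
            "expires_at": self._clock() + expires_in,
        }

    def get_access_token(self, user_id):
        row = self._rows.get(user_id)
        if row is None:
            # Never fall back to another user's tokens.
            raise ReauthorizationRequired(user_id)
        if self._clock() < row["expires_at"] - self._skew:
            return row["access_token"]
        try:
            new = self._refresh_fn(row["refresh_token"])
        except RefreshRejected:
            # Revoked or expired grant: drop the dead tokens, force a new flow.
            del self._rows[user_id]
            raise ReauthorizationRequired(user_id)
        # Persist the returned refresh token too, in case the provider rotates it.
        self.store_tokens(user_id, new["access_token"],
                          new.get("refresh_token", row["refresh_token"]),
                          new["expires_in"])
        return new["access_token"]

def fake_refresh(refresh_token):
    # Constructed stand-in for the token endpoint call (assumption, offline).
    if refresh_token.startswith("revoked"):
        raise RefreshRejected(refresh_token)
    return {"access_token": "new-" + refresh_token,
            "refresh_token": refresh_token + "-rotated", "expires_in": 3600}
```

In a real deployment the refresh callable would post the stored refresh token together with the client ID and secret, and the stored tokens would be encrypted at rest.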