Implementing OAuth 2.0 two-legged authentication for Jira API in .NET

Hey everyone, I’m trying to set up OAuth 2.0 two-legged auth for the Jira API in my .NET project. I’ve got my user key and a private/public key pair, but I’m stuck on creating the access token.

I need this for a web app that creates Jira accounts for new employees and assigns them to projects. I know I could use Basic Auth, but I want to do it the right way.

I’ve set up an application link in Jira with these settings:

  • App Type: Generic
  • Incoming Auth: OAuth
  • Consumer Key: TEST_JIRA_KEY
  • Public Key: (I generated this online)

I’ve looked at AnotherJiraRestClient on GitHub, but it uses Basic Auth. The OAuth2AuthorizationRequestHeaderAuthenticator looks promising, but it needs an access token.

Can anyone help me figure out how to get that access token using the two-legged approach? Most examples I’ve found use three-legged OAuth or Basic Auth. Any tips or code snippets would be super helpful. Thanks!

hey emmad, i’ve dealt with this before. have u tried the atlassian.sdk nuget package? it’s got some built-in oauth2 helpers that might save u some headache. just make sure ur using the latest version cuz older ones can be a pain. good luck with ur project!

I have implemented OAuth 2.0 two-legged authentication for the Jira API in several .NET projects using RestSharp and BouncyCastle. In this approach, you begin by generating a JWT token with your private key and the appropriate claims. Once you have the token, you send a POST request to Jira’s token endpoint, including the JWT in the request header, and then parse the response to obtain the access token. This method has proven secure and effective in handling token expiration and ensuring a reliable connection with Jira’s API.

I’ve gone through the OAuth 2.0 two-legged auth process for Jira API in .NET, and it can be tricky. One approach that worked well for me was using the JWT Bearer flow. You’ll need to create a JWT token signed with your private key, including claims like ‘iss’ (your app’s key), ‘sub’ (your user account ID), and ‘exp’ (expiration time).

Once you have the JWT, you can exchange it for an access token by sending a POST request to Jira’s token endpoint. I found the System.IdentityModel.Tokens.Jwt package really helpful for creating and signing the JWT in .NET.

Remember to store your private key securely and rotate it periodically. Also, make sure to implement proper error handling and token refresh logic in your app. It took some trial and error, but once set up, it’s a robust authentication method.
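
The JWT assertion the answers above describe, as an added C# example that is not code from any poster or from Atlassian. It builds the `iss`/`sub`/`exp` claims with System.IdentityModel.Tokens.Jwt, signs with RS256, and verifies the result locally with the public key. The `aud` claim, the token endpoint URL, the account ID and the RFC 7523 form parameters in `ExchangeAsync` are assumptions; the key is a throwaway generated in-process.

```csharp
// Added example, not from the thread. Requires the System.IdentityModel.Tokens.Jwt NuGet package.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens;

public static class JwtBearerExample
{
    // Placeholders (assumptions): take the real values from your own Jira configuration.
    const string Issuer = "TEST_JIRA_KEY";              // 'iss': the app's key
    const string Subject = "PLACEHOLDER_ACCOUNT_ID";    // 'sub': the user account ID
    const string TokenEndpoint = "https://token-endpoint.invalid/oauth2/token";

    // Builds a short-lived RS256 assertion; a short 'exp' limits the damage of a leaked token.
    public static string BuildAssertion(RSA privateKey, TimeSpan lifetime)
    {
        var descriptor = new SecurityTokenDescriptor
        {
            Issuer = Issuer,
            Audience = TokenEndpoint,                   // assumption: RFC 7523 requires 'aud'
            Subject = new ClaimsIdentity(new[] { new Claim("sub", Subject) }),
            Expires = DateTime.UtcNow.Add(lifetime),
            SigningCredentials = new SigningCredentials(
                new RsaSecurityKey(privateKey), SecurityAlgorithms.RsaSha256)
        };
        var handler = new JwtSecurityTokenHandler();
        return handler.WriteToken(handler.CreateToken(descriptor));
    }
    // Assumption: the endpoint takes the RFC 7523 form body; adjust if yours expects the JWT elsewhere.
    public static async Task<string> ExchangeAsync(HttpClient http, string assertion)
    {
        var form = new FormUrlEncodedContent(new Dictionary<string, string> {
            ["grant_type"] = "urn:ietf:params:oauth:grant-type:jwt-bearer", ["assertion"] = assertion });
        using var resp = await http.PostAsync(TokenEndpoint, form);
        resp.EnsureSuccessStatusCode();                 // fail loudly instead of parsing an error body
        return await resp.Content.ReadAsStringAsync();  // JSON expected to carry access_token
    }
    public static void Main()
    {
        using var rsa = RSA.Create(2048);               // constructed key; load the real one from a secret store
        string jwt = BuildAssertion(rsa, TimeSpan.FromMinutes(5));
        var check = new TokenValidationParameters { ValidIssuer = Issuer, ValidAudience = TokenEndpoint,
            IssuerSigningKey = new RsaSecurityKey(rsa.ExportParameters(false)) };
        var handler = new JwtSecurityTokenHandler();
        handler.ValidateToken(jwt, check, out _);       // throws if signature, iss, aud or exp is wrong
        var t = handler.ReadJwtToken(jwt);
        Console.WriteLine($"iss={t.Issuer} sub={t.Subject} exp={t.ValidTo:u}");
    }
}
```

`Main` runs offline and never calls `ExchangeAsync`; call it only once the placeholder endpoint is replaced with the real one.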