How https://api.jiraassistant.com/jira/oauth/token works?

[phuongwd]

Hello @shridhar-tl

Could you share why do we need to request to https://api.jiraassistant.com/jira/oauth/token?
(or why do we need handle the jaJiraTokenExchangeUrl on your server?)

jira-assistant/src/services/jira-oauth-service.js

Lines 46 to 55 in 7dc318d

	// This function returns userid when it is not passed
	// and returns bearer token when user id is passed
	async getAndSaveToken(authCode, refreshToken, userId) {
	const returnUserId = !userId;
	let result;
	try {
	result = await this.$request.execute('GET', jaJiraTokenExchangeUrl, null,
	authCode ? { withCredentials: false, 'jira-auth-code': authCode } :

btw: it always return this error message

Integration failed:  Error: Cannot destructure property 'url' of 'sites[0]' as it is undefined.
    at JiraAuthService.getAndSaveToken (jira-oauth-service.js:79:1)
    at async JiraAuthService.integrate (jira-oauth-service.js:39:1)
    at async processJiraCloudOAuth (index.web.js:83:1)
    at async initializeApp (index.web.js:45:1)

Could you share how do we resolve it?

Thank you so much!

[shridhar-tl]

Hi @phuongwd, For doing OAuth with any service, we need a secret key which is provided by service. In this case its Atlassian Jira.

As this secret key is a credential which cannot be shared with clients, I need to store it securely in server. Using that secret key only we can request for Auth token. So we need this API call which internally request Jira to provide auth token which is returned back to browser.

Some of the companies earlier were not comfortable using this because of this API call. If your company also has similar issue, then I have two suggestion:

Option 1: Source code is available for you to download in Git Hub. You can ask your company to download the source code and you can host your own instance of API and this tool to do this authentication which would solve this issue.

Option 2: You have two other authentication option which does not require such API call which can be used by you. Just go with browser authentication or user name password based authentication.

I know this API call is broken since couple of days as I switched DNS record and it is still not properly propagated. It should automatically get resolved after some time or, for some people flushing the DNS also solved it.

However, like I always suggest to everyone, if you have option to use browsers authentication, that is more secured as it does not need any such API calls and it does not even need to store auth token in your browser cache. Additionally some of the functionalities like Sprint report which does not work with OAuth does work with browser authentication.

So its up to you how you use it. If you still wanted to use OAuth itself, then you can try again later or after a day's time.

If you need more information about self hosting options, please ask your IT team to contact me and I will help them with setting it up within your organization so that they need not depend on my API's or my hosting.

[phuongwd]

Hi @shridhar-tl

Thanks a lot for quick response and detailed information.

Regrading the option 1, could you give the url to download?

[shridhar-tl]

This is the source code repository for Jira Assistant. Just go to Code tab and you will see the code. For API it is simple, depending on what technology you are about to use, Atlassian site contains the sample source code.

Its simple API call to couple of following url's and nothing more than that:
https://auth.atlassian.com/oauth/token
https://api.atlassian.com/oauth/token/accessible-resources