Unlicensed Users in Jira Service Managment are not able to Authorize OAuth Apps


Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

 Jira Service Management has a robust API that can be utilized in order to query relevant details. Although normally this is utilized by Agents, aka licensed users, some customizations render a need for customers (aka non-licensed users in JSM), to utilize the same endpoints available.  These users might not have credentials to access the JSM environment directly and therefore would have to rely on the three-legged-oauth method to try to obtain an access token then utilize the available endpoints.

Ultimately, Customers are unable to Authorize an Oauth app in JSM and therefore cannot leverage the REST API endpoints available

Environment

>=4.20.11

Diagnosis

When Agents try to follow the Oauth Dance in JSM, authorize  > request token  > get token  , they are able to successfully generate an Access Token and query JSM's REST API endpoint.

When a customer tries to do the same they do not see the Oauth Consent Screen to authorize the action, and are redirected back to the JSM. The customer workflow looks like this: authorize  > login to idp  > redirected to portal in JSM

Cause

Customers are not able to authorize the oauth app in JSM and therefore cannot complete the oauth dance. Without a valid access token they cannot query JSM's REST API endpoints. This is a limitation of the Oauth plugin in Jira.

Solution

The only work around is to license the customer so that they can complete the oauth workflow.


Last modified on Jan 31, 2025

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.