When you create an application link between two applications, OAuth authentication is used by default. This authentication type lets logged-in users take advantage of all the integration points between Atlassian applications.

On this page:

Authentication types for application links

The following types are available:

• Configuring OAuth authentication for an application link
• Configuring Basic HTTP authentication for an application link
• Configuring Trusted Applications authentication for an application link

Atlassian only recommends using OAuth authentication for Application Links.

When you need to change the configuration of an application link

Depending on your permissions when you create an application (or the settings required in the application you are linking to), you might need to modify the authentication settings for an application link after it's been created. There are a few common scenarios in which you might need to change the configuration of an application link:

• You've set up an application link but users still have to authenticate regularly. This can occur when the application link has been configured to not share the same userbase. If those applications do share the same user base, you can update your application link authentication by selecting the Allow user impersonation through 2-Legged OAuth check box on the incoming authentication settings for the application link configuration.
• You want to continue using a link to an application that now allows public sign-on and the link was previously configured with a shared userbase. You can update your application link authentication by clearing the Allow user impersonation through 2-Legged OAuth check box on the incoming authentication settings for the application link configuration.
• You use a plugin that requires a specific authentication type.

Note that to get the full integration available in the Development panel in JIRA issues, JIRA must be connected with Stash, FishEye, Crucible or Bamboo using a 2-way application link that has both 2-legged (2LO) and 3-legged (3LO) authentication enabled. See Installing Atlassian Tools for Integration with JIRA for version information and connection details.

Security implications for each authentication type

OAuth is the authentication type we recommend. However, be aware of the following security implications:

We no longer recommend the Trusted Applications authentication type. If you do use Trusted Applications authentication, be aware of the following security implications:

About impersonating and non-impersonating authentication types