-
Notifications
You must be signed in to change notification settings - Fork 410
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OAuth 2.0 #423
Comments
I have work in progress for writing such a Request Client. I have it to a POC level. When I have a viable prototype I'll create a draft PR. I created this issue to track discussion about such an implementation. |
We use OAuth 2.0 for our Jira server. We have yet been passing the Access Token in a bearer authentication header as an additional default header. My |
I became busy so this will not be ready for the next release, |
For the workaround I have followed the below for OAuth2 token based API authentication, class JiraClient
def initialize(token)
headers = { 'Authorization' => 'Bearer ' + token }
options = {
site: 'https://api.atlassian.com',
auth_type: :basic,
default_headers: headers,
context_path: '',
rest_base_path: '/ex/jira/' + ENV['ATLASSIAN_CLOUD_ID'] + '/rest/api/2',
}
@client = JIRA::Client.new(options)
end
end The token required above is fetched from the Atlassian OAuth2 client using SCOPES = %w[
read:me
read:account
read:jira-work
read:jira-user
write:jira-work
]
OmniAuth.config.allowed_request_methods = [:get, :post]
Rails.application.config.middleware.use OmniAuth::Builder do
provider :atlassian_oauth2, ENV['ATLASSIAN_CLIENT_ID'], ENV['ATLASSIAN_CLIENT_SECRET'],
scope: SCOPES.join(' '),
prompt: "consent"
end with @marlinpierce you approve of this approach, I'm prepared and interested in starting to work on the contribution. |
We have been using that work around with OAuth 2.0. There is a fix merged into the next release which fixes using the default headers for multipart request. I do have code started which sets the token in the Bearer header. That code has more too, such as making the Access Request to get the Access Token. I'll work on it during our end of year break at work. It is almost ready to submit for review and testing. |
I am creating this issue for a request client which supports OAuth 2.0.
The text was updated successfully, but these errors were encountered: