Now you can authenticate Flow with Jira using OAuth 2.0, instead of the previous OAuth 1.0a option. If you have an existing Jira integration using either OAuth 1.0a or access token, follow the steps below to update your credentials or create a new integration.
This new authentication mechanism makes integrating Flow with Jira much simpler. You’ll also benefit from improved security, since OAuth 2.0 uses short-lived and revocable access tokens, as well as allowing you to grant more fine-grained access scopes to Flow.
Note: Jira Oauth 2 is available for Jira Cloud and Jira Data Center. If you are using a Jira Server product, you must use an access token for authentication.
Permissions and scopes
Integrations using OAuth 2.0 require the same user permissions for your service account as our other Jira authentication methods. Read more about user permissions in the Jira Cloud and self-hosted setup article.
However, Flow requests access to a more select list of read-only scopes as part of our connection to gather the data we require. If you're connecting with Jira Cloud, you'll see a full list of these scopes when you accept the connection between Flow and Jira as part of creating a new integration or migrating your existing integration.
Note: While the service account user must have the Create issues permission, Flow only requests read-only scopes during the OAuth flow. This means Flow does not have the ability to write to your Jira.
The Create issues permission is required for Flow to ingest issue type metadata. While this is a read/write permission, the granular scopes requested during OAuth ensure Flow does not actually have write access to your Jira system in any capacity. If Flow adds functionality in the future that requires more scopes, you will need to specifically authorize those additional scopes during OAuth. They cannot be increased without your direct acceptance.
Deprecation of Jira authentication methods
With Jira's deprecation of both username/password authentication and OAuth 1.0a authentication, Flow is removing the option to use OAuth 1.0A and username/password authentication methods.
If you have a current Jira integration using either of these authentication methods, your integration will continue to work as long as the authentication is valid with Jira, but we highly recommend updating your integration to use a supported authentication method. If you need to modify your integration in the future, you will not be able to modify your existing authentication method—you must switch to a new one.
To ensure the security and continued functionality of your Flow integration, migrate to a supported authentication method as soon as possible.
For Jira Cloud and Jira Data Center users, the supported authentication methods are OAuth 2.0 and Access token. If possible, we recommend using OAuth 2.
The only available authentication method for Jira Server is Access token.
Prerequisite steps for Jira Data Center
If you have a Jira Data Center integration, you must configure an application link (external site, opens in new tab) in Jira before taking any steps in Flow. When configuring this link, ensure:
- The callback/redirect URL is set to
https://flow.pluralsight.com/accounts/complete/jira-data-center
- The application permissions are set to
write
Once your application link is created, copy the Client ID and Client secret to input in Flow later.
Tip: Make sure to label your application link so you can easily tell which one is for Flow. If you ever need to reauthenticate, you’ll need to find the Client ID and Client secret again.
Create a new Jira integration using OAuth 2
Important: If you have an existing Jira integration, follow the migration instructions to update your authorization mechanism. Do not create a new integration to duplicate your existing integration.
To create a new Jira integration:
- On the Integrations page, click Add integration.
- Click Jira Cloud & Self-managed.
- Select OAuth.
- Enter your Base URL, starting with https and excluding any trailing slashes.
- If Flow detects that your base URL is not a Jira Cloud URL, Flow will open additional fields for Client ID and Client secret. Enter the values from your application link in Jira Data Center.
- Click Connect with OAuth.
- In the resulting window, log in to the Atlassian account for the service account, if prompted.
- Select which Jira organization to authenticate with.
- Review the requested scopes, then click Accept. This will close the new window.
- In Flow, click Next.
Once your authentication is complete, enable or disable services, then name your integration to complete your integration setup.
Migrate an existing Jira integration to OAuth 2
To edit an existing Jira integration:
- Click Edit on the integration’s details page.
- Select OAuth.
- Enter your Base URL, starting with https and excluding any trailing slashes.
- If Flow detects that your base URL is not a Jira Cloud URL, Flow will open additional fields for Client ID and Client secret. Enter the values from your application link in Jira Data Center.
- Click Connect with OAuth.
- In the resulting window, log in to the Atlassian account for the service account, if prompted.
- Select which Jira organization to authenticate with.
- Review the requested scopes, then click Accept. This will close the new window.
- In Flow, click Next.
Once your authentication is updated, rename your integration if desired to complete your integration setup.
Note: Updating your integration method and credentials will not affect any already-ingested data in Flow. Ensure you’re authenticating with a service account that has the correct permissions to ensure new data continues to ingest correctly.
Once your integration is processing correctly, delete any previously-created application links for OAuth 1.0a from Jira.