Hello,

we currently looking for a method to authenticate with a JIRA Server by an electron desktop application. The problem is that every considered method has a disadvantage for us. We are running Jira Software server version 7.13.0.

Basic Authentication:

We are currently using basic authentication, which works well, but we are having issues with users which have special characters (non- ASCII characters) and umlauts in their passwords. Because of this problem we considered not using Basic Authentication.

Are there any workarounds or considerations for fixing this bug (https://jira.atlassian.com/browse/JRASERVER-59828)?

OAuth1:

We also considered using OAuth1 (OAuth2 is currently not supported) but we are having some issues implementing that. The main issue is that the electron application doesn't have a redirect URL for displaying the authentication request in the browser and it seems way too complex.

We have already discussed some approaches to bypass this problem by for example a local web server or other methods described in this article:

http://wiki.oauth.net/w/page/27249271/OAuth%202%20for%20Native%20Apps

But all of them wasn't that ideal because of security risks or too complex solutions. We also considered using a REST API which handles the redirect by providing a URL, but that would make it also more complex than it already is.

Are there any considerations for implementing OAuth2 in the near future? (https://jira.atlassian.com/browse/JRASERVER-43171)

API Tokens:

Only available for JIRA cloud, but there is a feature request for using it for JIRA Servers (https://jira.atlassian.com/browse/JRASERVER-67869?_ga=2.21564024.2105075846.1549535625-480096154.1518778755)

Because we don't know what we can possibly do, we would appreciate your help in this problem. Maybe one of you already had the same problem or used another method for authentication.