What data is accessible via an application link with Jira?

P_D_ Foerster
Rising Star
November 26, 2018

Hello there, one of my colleagues requested to test an integration of Jira with another application which needs an application link with Jira to work.

We have sensitive data in our Jira instance. Searching the official documentation, I didn't find any info / hints about what data an external application can retrieve if an application has been established.

Are there any restrictions or could the other application theoretically access all data from our Jira instance without us knowing?

1 answer

1 accepted

1 vote
Answer accepted
Prakhar Srivastav {Appfire}
Rising Star
November 26, 2018

@P_D_ Foerster

 

An application link in JIRA is created through OAuth. Since your other application is not another Atlassian app, you will use OAuth without impersonation, which means that before using JIRA data the user has to authorise against JIRA. After the authorisation, the user will only be able to access the data to which he has access. If the user normally does not have access to certain data, then it is not accessible via the application link either.

Please refer to this link for more details

https://confluence.atlassian.com/adminjiraserver/using-applinks-to-link-to-other-applications-938846918.html

Regards

Prakhar

P_D_ Foerster
November 26, 2018

Hi @Prakhar Srivastav {Appfire},

thanks for the explanation. Reading the documentation again I stumbled over this:

Note that Atlassian OAuth with impersonation can only be used for application links between Atlassian applications. Furthermore, it should only be used when the two applications share the same userbase, typically managed with an external directory using LDAP.

If I understand correctly, then we cannot use OAuth with impersonation since the other app (in our case StoriesOnBoards) is not an Atlassian app. Moreover, the user base is not the same. So normal OAuth is the way to go. I remember having to define a dedicated user when using OAuth without impersonation.

Cheers,
Patrice

Prakhar Srivastav {Appfire}
November 26, 2018

@P_D_ Foerster

Yes. You are right.

What happens when you have an application link configured via OAuth is that whenever one app asks for any resource in another app for the first time, they will be redirected to authorise through the other app. Once authorised, the same authorisation will be used for all other requests.

So you need not worry. The data will be available based on the authorisation details provided.

Regards

Prakhar

P_D_ Foerster
November 26, 2018

Thank you @Prakhar Srivastav {Appfire} for the thorough explanation :)
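
The answers above say the link can reach whatever the authorising user can reach, so the account that authorises the link sets the ceiling. As an added example (not part of the thread), this Python script reviews that account's exposure from the JSON bodies of Jira's `/rest/api/2/project` and `/rest/api/2/mypermissions`; the sample bodies, the `HIGH_IMPACT` set, the project keys and the function names are assumptions of the example.

```python
import json

# Permission keys treated as high-impact for a link account.
# This set is an assumption of the example; adjust it to your policy.
HIGH_IMPACT = {"ADMINISTER", "SYSTEM_ADMIN", "ADMINISTER_PROJECTS",
               "DELETE_ISSUES", "BULK_CHANGE", "USER_PICKER"}

# Constructed sample bodies, in the shape returned by
# GET /rest/api/2/project and GET /rest/api/2/mypermissions
# when called as the account that will authorise the link.
SAMPLE_PROJECTS = json.dumps([
    {"id": "10000", "key": "SOB", "name": "Story map backlog"},
    {"id": "10001", "key": "HR", "name": "HR cases"},
])
SAMPLE_PERMISSIONS = json.dumps({"permissions": {
    "BROWSE_PROJECTS": {"key": "BROWSE_PROJECTS", "havePermission": True},
    "CREATE_ISSUES": {"key": "CREATE_ISSUES", "havePermission": True},
    "DELETE_ISSUES": {"key": "DELETE_ISSUES", "havePermission": True},
    "ADMINISTER": {"key": "ADMINISTER", "havePermission": False},
}})


def link_exposure(projects_body, permissions_body):
    """Summarise what the authorising account, and so the link, can reach."""
    projects = sorted(p["key"] for p in json.loads(projects_body))
    perms = json.loads(permissions_body).get("permissions", {})
    granted = sorted(k for k, v in perms.items() if v.get("havePermission"))
    return {"projects": projects, "granted": granted,
            "high_impact": [k for k in granted if k in HIGH_IMPACT]}


def review(exposure, allowed_projects):
    """Return findings where exposure exceeds what the integration needs."""
    findings = []
    for key in exposure["projects"]:
        if key not in allowed_projects:
            findings.append(f"project {key} is visible but not needed by the integration")
    for perm in exposure["high_impact"]:
        findings.append(f"permission {perm} is granted to the link account")
    return findings


if __name__ == "__main__":
    exposure = link_exposure(SAMPLE_PROJECTS, SAMPLE_PERMISSIONS)
    for finding in review(exposure, allowed_projects={"SOB"}):
        print(finding)
```

Running the same review against the real responses for a dedicated link user, before authorising the link, shows which projects and permissions to remove from that account.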
