Hi, I work on https://agilemana.com/, an online planning poker tool. I'm working on a feature that "allow users to update issue from the website". Some of the users are using self-hosted JIRA, some are using cloud hosted JIRA.

According to the doc https://docs.atlassian.com/software/jira/docs/api/REST/7.6.1/, there're 3 ways to authenticate with JIRA. 

OAuth

I'm afraid this is pretty hard to a JIRA user to create RSA private/public key pairs.

HTTP basic authentication

I can create a desktop app to call JIRA RESTful APIs, but there's risk if users will have to tell my website their username and password, users usually don't want to tell their credentials to other people, right? 

Cookie based authentication

If I send requests to JIRA (say jira.example.com) from my website in Javascript, it'll have CORS issue.

Please advise what's the best way to update issue from a website.