Configure the OAuth 2.0 Authentication Protocol

Some bugtrackers and synchronization servers can be configured with the OAuth 2.0 protocol. For the moment, it is only used by Jira connectors (Jira Bugtracker and Xsquash4Jira).

Both Jira and Squash have to be configured. The configuration differs depending on Jira hosting type (Jira Server/Data Center or Jira Cloud).

Prerequisite

In order to connect Jira and Squash, the OAuth 2.0 configuration requires the following prerequites:

• Squash must be used with https;
• Squash public URL must be configured in the system parameters.

Configure OAuth 2.0 with Jira Server and Data Center

In Jira

In Jira Server and Data Center, an incoming link with an external application must be configured:

1. Go to Administration > Applications > Application links;
2. Select [Create link];
3. Select External application, and then choose Incoming as the direction;

4. Fill in the details as described below:

   • Name: link name, e.g. "Squash"

   • Redirect URL: it must be as follows:

     squash-public-url/oauth2/authentication

   • Permission: select "Write"

5. Copy OAuth 2.0 credentials, Client ID and Client secret, which are used in Squash configuration.

Learn more

For more information about creating and managing application links, visit Jira documentation.

In Squash

In Squash, OAuth 2.0 authentication protocol is configured on the server's consultation page in the Bugtrackers and synchronization servers workspace.

In the Authentication protocol block:

1. Select OAuth 2

2. Fill in the details as described below:

   • Grant type: select "Authorisation Code";
   • Client ID: copy the client ID generated by Jira;
   • Client secret: copy the client secret generated by Jira;

   • Authorization URL: it is autocompleted by default, it must be as follows:
     jira-url/rest/oauth2/latest/authorize

   • URL for requesting tokens: it is autocompleted by default, it must be as follows:
     url-de-jira/rest/oauth2/latest/token

   • Redirect URL: it is autocompleted by default, it must be as follows:
     squash-public-url/oauth2/authentication

   • Scope: it must match the Permission defined in Jira, in CAPITAL LETTERS: WRITE

Configure OAuth 2.0 with Jira Cloud

In Jira

In Jira Cloud, a OAuth 2.0 integration must be created and configured:

1. Go to Atlassian Developer Console;
2. Select [Create], then OAuth 2.0 integration;
3. Enter an integration name (e.g. "Squash"), accept Atlassian terms, then select [Create];

4. Go to Distribution, click on [Edit] and fill in the following details:

   • Distribution status: Sharing;
   • Vendor name: Henix;

   • Privacy policy: https://tm-en.doc.squashtest.com/latest/saas/saas-security.html;

   • Does your app store personal data?: No.

5. Go to Permissions to configure the scope:

   • In the table, on the "Jira API" line, select [Add], then [Configure];

   • In the Classic scopes tab, select [Edit scopes], then tick:

     • View Jira issue data (read:jira-work);
     • Manage project settings (manage:jira-project);
     • Manage Jira global settings (manage:jira-configuration);
     • View user profiles (read:jira-user);
     • Create and manage issues (write:jira-work);

   • In the Granular scopes tab, select [Edit scopes], then tick:

     • View issue details (read:issue-details:jira);
     • View projects (read:project:jira);
     • View JQL (read:jql:jira);
     • Read board configuration (read:board-scope.admin:jira-software);
     • Read boards, backlogs, and related items (read:board-scope:jira-software);
     • Read sprints (read:sprint:jira-software);

6. Go to Authorization:

   • In the table, on the OAuth 2.0 (3LO) line, select [Add];
   • Fill in the Callback URL field, the URL must be as follows:
     squash-public-url/oauth2/authentication

7. Go to Settings, then Authentication details and copy OAuth 2.0 credentials, Client ID and Secret, which are used in Squash configuration.

In Squash

In Squash, OAuth 2.0 authentication protocol is configured on the server's consultation page in the Bugtrackers and synchronization servers workspace.

In the Authentication protocol block:

1. Select OAuth 2;

2. Fill in the details as described below:

   • Grant type: select Authorisation Code;
   • Client ID: copy the client ID generated by Jira;
   • Client secret: copy the client secret generated by Jira;

   • Authorization URL: it is autocompleted by default, it must be as follows:
     https://auth.atlassian.com/authorize

   • URL for requesting tokens: it is autocompleted by default, it must be as follows:
     https://auth.atlassian.com/oauth/token

   • Redirect URL: it is autocompleted by default, it must be as follows:
     squash-public-url/oauth2/authentication

   • Scope: it must match the scope codes defined in Jira in the Permissions section, i.e.:
     read:jira-work manage:jira-project manage:jira-configuration read:jira-user write:jira-work read:issue-details:jira read:project:jira read:jql:jira read:board-scope.admin:jira-software read:board-scope:jira-software read:sprint:jira-software

User authentication with OAuth 2.0

Once the configuration saved, depending on the user authentication mode and how Jira is used (as a bugtracker or as a synchronization server), here is how to authenticate to Jira from Squash:

• server authentication (technical account): in the Authentication policy block, click the [Generate tokens] button;
• user authentication:
  • on the user's My account page, in the Configuration mode of the bugtrackers block, click the [Generate tokens] button;
  • when reporting an issue from Squash or from the Known issues pages, click the [Log in] button;
  • when adding a Xsquash4Jira synchronization using user's credentials, click the [Log in] button (only for the administrator and project manager).

Learn more

To learn more about users authentication mode, visit the page Authentication policy