Skip to content

Configure the OAuth 2.0 Authentication Protocol

Some bugtrackers and synchronization servers can be configured with the OAuth 2.0 protocol. As of now, it is only used by Jira connectors (Jira Bugtracker and Xsquash4Jira).

Both Jira and Squash TM have to be configured. The configuration differs depending on Jira hosting type (Jira Server/Data Center or Jira Cloud).

Prerequisite

In order to connect Jira and Squash TM, the OAuth 2.0 configuration requires the following prerequites:

Configure OAuth 2.0 with Jira Server and Data Center

In Jira

In Jira Server and Data Center, an incoming link with an external application must be configured:

  1. Go to µµAdministration > Applications > Application links**
  2. Select [Create link]
  3. Select External application, and then choose Incoming as the direction.
  4. Fill in the details as described below:

    • Name: link name, e.g. "Squash TM"
    • Redirect URL: it must be as follows:

      squash-public-url/oauth2/authentication
      
    • Permission: select Write

  5. Copy OAuth 2.0 credentials, Client ID and Client secret, which are used in Squash TM configuration

Learn more

For more information about creating and managing application links, visit Jira documentation.

In Squash TM

In Squash TM, OAuth 2.0 authentication protocol is configured on the server's consultation page in the "Bugtrackers and synchronization servers" workspace.

In the "Authentication protocol" block:

  1. Select OAuth 2
  2. Fill in the details as described below:

    • Grant type: select Authorisation Code
    • Client ID: copy the client ID generated by Jira
    • Client secret: copy the client secret generated by Jira
    • Authorization URL: it is autocompleted by default, it must be as follows:

      jira-url/rest/oauth2/latest/authorize
      
    • Access token URL: it is autocompleted by default, it must be as follows:

      url-de-jira/rest/oauth2/latest/token
      
    • Redirect URL: it is autocompleted by default, it must be as follows:

      squash-public-url/oauth2/authentication
      
    • Scope: it must match the Permission defined in Jira, in CAPITAL LETTERS:

      WRITE
      

Configure OAuth 2.0 with Jira Cloud

In Jira

In Jira Cloud, a OAuth 2.0 integration must be created and configured:

  1. Go to Atlassian Developer Console
  2. Select [Create], then OAuth 2.0 integration
  3. Enter an integration name (e.g. "Squash TM"), accept Atlassian terms, then select [Create]
  4. Go to Distribution, click on [Edit] and fill in the following details:

    • Distribution status: Sharing
    • Vendor name: Henix
    • Privacy policy:

      https://tm-en.doc.squashtest.com/latest/saas/saas-security.html
      
    • Does your app store personal data?: No

  5. Go to Permissions to configure the scope:

    • In the table, on the "Jira API" line, select [Add], then [Configure]
    • In the Classic scopes tab, select [Edit scopes], then tick:

      • View Jira issue data (read:jira-work)
      • Manage project settings (manage:jira-project)
      • Manage Jira global settings (manage:jira-configuration)
      • View user profiles (read:jira-user)
      • Create and manage issues (write:jira-work)
    • In the Granular scopes tab, select [Edit scopes], then tick:

      • View issue details (read:issue-details:jira)
      • View projects (read:project:jira)
      • View JQL (read:jql:jira)
      • Read board configuration (read:board-scope.admin:jira-software)
      • Read boards, backlogs, and related items (read:board-scope:jira-software)
      • Read sprints (read:sprint:jira-software)
  6. Go to Authorization:

    • In the table, on the "OAuth 2.0 (3LO) line, select [Add]
    • Fill in the Callback URL field, the URL must be as follows:
      squash-public-url/oauth2/authentication
      
  7. Go to Settings, then "Authentication details and copy OAuth 2.0 credentials, Client ID and Secret, which are used in Squash TM configuration

In Squash TM

In Squash TM, OAuth 2.0 authentication protocol is configured on the server's consultation page in the "Bugtrackers and synchronization servers" workspace.

In the "Authentication protocol" block:

  1. Select OAuth 2
  2. Fill in the details as described below:

    • Grant type: select Authorisation Code
    • Client ID: copy the client ID generated by Jira
    • Client secret: copy the client secret generated by Jira
    • Authorization URL: it is autocompleted by default, it must be as follows:

      https://auth.atlassian.com/authorize
      
    • Access token URL: it is autocompleted by default, it must be as follows:

      https://auth.atlassian.com/oauth/token
      
    • Redirect URL: it is autocompleted by default, it must be as follows:

      squash-public-url/oauth2/authentication
      
    • Scope: it must match the scope codes defined in Jira in the Permissions section, i.e.:

      read:jira-work manage:jira-project manage:jira-configuration read:jira-user write:jira-work read:issue-details:jira read:project:jira read:jql:jira read:board-scope.admin:jira-software read:board-scope:jira-software read:sprint:jira-software
      

User authentication with OAuth 2.0

Once the configuration saved, depending on the user authentication mode and how Jira is used (as a bugtracker or as a synchronization server), here is how to authenticate to Jira from Squash TM:

  • server authentication (technical account): in the "Authentication policy" block, [Generate a token] button
  • user authentication:
    • on the user's "My account" page, "Configuration mode of the bugtrackers", [Generate a token] button
    • when reporting an issue from Squash TM or from the "Known issues" pages, [Log in] button
    • when adding a Xsquash4Jira synchronization using user's credentials, [Log in] button (only for the administrator and project manager)

Learn more

To learn more about users authentication mode, visit the page Authentication policy