Configure the OAuth 2.0 Authentication Protocol
Some bugtrackers and synchronization servers can be configured with the OAuth 2.0 protocol. As of now, it is only used by Jira connectors (Jira Bugtracker and Xsquash4Jira).
Both Jira and Squash TM have to be configured. The configuration differs depending on Jira hosting type (Jira Server/Data Center or Jira Cloud).
Prerequisite
In order to connect Jira and Squash TM, the OAuth 2.0 configuration requires the following prerequites:
- Squash TM must be used with https
- Squash TM public URL must be configured in the system parameters
Configure OAuth 2.0 with Jira Server and Data Center
In Jira
In Jira Server and Data Center, an incoming link with an external application must be configured:
- Go to µµAdministration > Applications > Application links**
- Select [Create link]
- Select External application, and then choose Incoming as the direction.
-
Fill in the details as described below:
- Name: link name, e.g. "Squash TM"
-
Redirect URL: it must be as follows:
squash-public-url/oauth2/authentication
-
Permission: select Write
-
Copy OAuth 2.0 credentials, Client ID and Client secret, which are used in Squash TM configuration
Learn more
For more information about creating and managing application links, visit Jira documentation.
In Squash TM
In Squash TM, OAuth 2.0 authentication protocol is configured on the server's consultation page in the "Bugtrackers and synchronization servers" workspace.
In the "Authentication protocol" block:
- Select OAuth 2
-
Fill in the details as described below:
- Grant type: select Authorisation Code
- Client ID: copy the client ID generated by Jira
- Client secret: copy the client secret generated by Jira
-
Authorization URL: it is autocompleted by default, it must be as follows:
jira-url/rest/oauth2/latest/authorize
-
Access token URL: it is autocompleted by default, it must be as follows:
url-de-jira/rest/oauth2/latest/token
-
Redirect URL: it is autocompleted by default, it must be as follows:
squash-public-url/oauth2/authentication
-
Scope: it must match the Permission defined in Jira, in CAPITAL LETTERS:
WRITE
Configure OAuth 2.0 with Jira Cloud
In Jira
In Jira Cloud, a OAuth 2.0 integration must be created and configured:
- Go to Atlassian Developer Console
- Select [Create], then OAuth 2.0 integration
- Enter an integration name (e.g. "Squash TM"), accept Atlassian terms, then select [Create]
-
Go to Distribution, click on [Edit] and fill in the following details:
- Distribution status: Sharing
- Vendor name: Henix
-
Privacy policy:
https://tm-en.doc.squashtest.com/latest/saas/saas-security.html
-
Does your app store personal data?: No
-
Go to Permissions to configure the scope:
- In the table, on the "Jira API" line, select [Add], then [Configure]
-
In the Classic scopes tab, select [Edit scopes], then tick:
- View Jira issue data (read:jira-work)
- Manage project settings (manage:jira-project)
- Manage Jira global settings (manage:jira-configuration)
- View user profiles (read:jira-user)
- Create and manage issues (write:jira-work)
-
In the Granular scopes tab, select [Edit scopes], then tick:
- View issue details (read:issue-details:jira)
- View projects (read:project:jira)
- View JQL (read:jql:jira)
- Read board configuration (read:board-scope.admin:jira-software)
- Read boards, backlogs, and related items (read:board-scope:jira-software)
- Read sprints (read:sprint:jira-software)
-
Go to Authorization:
- In the table, on the "OAuth 2.0 (3LO) line, select [Add]
- Fill in the Callback URL field, the URL must be as follows:
squash-public-url/oauth2/authentication
-
Go to Settings, then "Authentication details and copy OAuth 2.0 credentials, Client ID and Secret, which are used in Squash TM configuration
In Squash TM
In Squash TM, OAuth 2.0 authentication protocol is configured on the server's consultation page in the "Bugtrackers and synchronization servers" workspace.
In the "Authentication protocol" block:
- Select OAuth 2
-
Fill in the details as described below:
- Grant type: select Authorisation Code
- Client ID: copy the client ID generated by Jira
- Client secret: copy the client secret generated by Jira
-
Authorization URL: it is autocompleted by default, it must be as follows:
https://auth.atlassian.com/authorize
-
Access token URL: it is autocompleted by default, it must be as follows:
https://auth.atlassian.com/oauth/token
-
Redirect URL: it is autocompleted by default, it must be as follows:
squash-public-url/oauth2/authentication
-
Scope: it must match the scope codes defined in Jira in the Permissions section, i.e.:
read:jira-work manage:jira-project manage:jira-configuration read:jira-user write:jira-work read:issue-details:jira read:project:jira read:jql:jira read:board-scope.admin:jira-software read:board-scope:jira-software read:sprint:jira-software
User authentication with OAuth 2.0
Once the configuration saved, depending on the user authentication mode and how Jira is used (as a bugtracker or as a synchronization server), here is how to authenticate to Jira from Squash TM:
- server authentication (technical account): in the "Authentication policy" block, [Generate a token] button
- user authentication:
- on the user's "My account" page, "Configuration mode of the bugtrackers", [Generate a token] button
- when reporting an issue from Squash TM or from the "Known issues" pages, [Log in] button
- when adding a Xsquash4Jira synchronization using user's credentials, [Log in] button (only for the administrator and project manager)
Learn more
To learn more about users authentication mode, visit the page Authentication policy