OAuth Authentication

 

 

Document Overview and Revisions

Issue Date.         

Prepared by.         Diksha Sandhu

Objective.                To document the existing system

Applicable to.         Grazitti

Deliverables.         Documentation and Process

Version

Primary Author(s)

Description of Version

Date

5.0

Diksha

Updated

8-12-2023

6.0

Diksha

Updated

24-May-2024

6.0

Amarveer Singh

Reviewed

29 May 2024

6.0

Amarveer Singh

Reviewed

12 June 2024

6.0

Diksha

Updated

21 Aug 2024

6.0

Amarveer Singh

Reviewed

22 Aug 2024

6.55.1

 

 

 

 

 

 

 

 

OAuth Authentication 1.0 (Legacy Data Center/Server/Cloud)

Note: Jira has deprecated OAuth 1.0 for application links. You can transition to OAuth 2.0 for enhanced security and continued functionality.

Configure Remote Site Settings

Navigate to the ‘Setup’ page from your Salesforce instance. In the ‘Quick Find’ box, search for ‘Remote Site Settings’ and click on it from the search results.

Click ‘New Remote Site’ to add the remote site.

 

 

 

  Creating Remote Sites

  1. Jira Instance

    Remote Site Name: Provide a name like ‘Jira’.

    Remote Site URL: Enter the URL of your Jira instance to enable secure communication.

  1. Salesforce Instance

    Remote Site Name: Provide a name like ‘Salesforce’.

    Remote Site URL: Enter your Salesforce instance URL to ensure seamless integration and communication.

     Create Application Links on the Jira Side

 

  1. Log into your Jira system as a user with 'Jira Administrator' permissions.

  2. Click on the Gear (settings) icon.

  3. Under the Settings drop-down menu, click ‘System’.

 

 

 

  1. Click ‘Search Jira admin’.

 

 

  1. Enter ‘application’ in the search bar and click ‘Application links’ from the search results.

 

 

  1. Click on ‘Create link’.

                  

     

  2. Enter your Salesforce Org’s URL in the field and click ‘Create new link’.

 

 

  1. A new window will open to confirm the ‘New URL’. Click ‘Continue’.  

 

 

  1. Fill in the details like ‘Application Name’ and select ‘Generic Application’ as the ‘Application Type’. Click ‘Continue’.

 

  1. A new application link will be created.

     

 

 

  1. Next is setting up the Incoming Authentication. Click ‘Edit’ (as highlighted in the screenshot below).

 

 

 

  1. Enter ‘Sinergify’ in the ‘Consumer Key’ and ‘Salesforce’ in the Consumer Name’ fields.

 

 

  1. c ‘Public Key’ field.

      

    

 

 

 

Note:

 

  1. Please check this reference Document for Public/Private keys.

(Please save the Private key also as it will be required later in Step 16)

 

 

 

  1. Add your ‘Consumer Callback URL’. The URL should be in the following format. SalesforceOrgURL+’/apex/Grz_Sf__AuthPage?status=’+SalesforceOrgID+’&instanceUrl=’+Jira instance Url

     

E.g.

https://grazitti3e-dev-ed.my.salesforce.com/apex/Grz_Sf__AuthPage?Status=00D5g000004FBtEEAW&instanceURL=https://sinergify.atlassian.net

 

  1. Click ‘Save’. The status of the application link will be updated to ‘Configured’.

  2. Go to the Authentication tab of the Admin Settings (Sinergify app) and select the ‘OAuth’ tab and fill in the details below.

  • Jira Name: Provide your Jira instance Name

  • Jira URL: Provide your Jira instance URL.

  • Call back URL: This field is automatically generated when the Jira URL is entered. The URL follows the format below:

    SalesforceOrgURL+’/apex/Grz_Sf__AuthPage?status=’+SalesforceOrgID+’&instanceUrl=’+Jira instance Url

  • Certificate Name:

    • Select the configured self-signed certificate from Salesforce. This certificate secures the communication between Salesforce and Jira and helps maintain a stable connection in environments with proxies or dynamic IP changes.

    • Applicable for Jira On-Premise / Data Center (DC) environments.

    • For detailed certificate creation and configuration, please follow the steps outlined above in this document.

  • Consumer Key: Enter the Consumer key used in the Application link.

  • Private Key: Enter the Private key generated in step 13 above.

  • Activate Content Header Parameter: Enable the toggle button to authenticate with Google SSO, facilitating single sign-on using Google credentials.

                              

 

Key Consideration Points.

 

  • A consumer key must be one word only, as Jira does not support more than one word in a consumer key. See the reference Document.

  • Refresh Token: A refresh token helps you re-validate your connection. It is particularly useful when the token expires or is revoked on the Jira side. This can also be used to authenticate the Salesforce side with a different Jira Integration user if needed.

     

 

  1. Select the Jira software - Server or Cloud.

  2. Toggle to make this Jira instance your default Jira instance.

  3. Click ‘Save'.

 

  1. A Pop-up will appear on your screen. Log in using your Jira credentials.

    Note. Ensure that pop-ups are not blocked.

 

  1. After logging in, a new window will appear asking for the ‘Read’ and ‘Write’ permissions. Click ‘Allow’ to share access token else click ‘Deny’.

  2. A new window will appear on your screen asking you to allow or deny the access

 

  1. If allowed, the access token will be shared and saved automatically in Salesforce and the admin page will reload automatically.

  2. After this process is complete, you will be able to view the Integration user details. Refer to the screenshot below for reference. Please ensure the status is set to Active. If it is not, enable the toggle button.

 

OAuth 2.0 Authentication(Server/Data Center)

Creating Remote Sites

  1. Jira Instance

    Remote Site Name: Provide a name like ‘Sinergify Jira’.

    Remote Site URL: Enter the URL of your Jira instance to enable secure communication.

  1. Salesforce Instance

    Remote Site Name: Provide a name like ‘Salesforce’.

    Remote Site URL: Enter your Salesforce instance URL to ensure seamless integration and communication.

 

  Create an incoming link using application links

  1. Go to Administration > Applications > Application links.

  1. Select Create link.

  2. Select External application, and then choose Incoming as the direction and then click ’Continue’.

  3. Fill in the details as described in the sections below.

  • Provide application details: In this type of link, you need to provide the Redirect URL. The url should be in the below format.

    Call back url:

    Salesforc stuleeOrgURL+’/apex/Grz_Sf__AuthPage?status=’+SalesforceOrgID+’&instanceUrl=’+Jira instance Url

    Example:

    https://grazitti220-dev-ed.develop.my.salesforce.com/apex/Grz_Sf__AuthPage?Status=00DNS000002I84y2AC&instanceURL=https://jirasfdc.grazitti.com

  • Provide application permissions: Select permissions the application can have on your instance. Below is the required scope for authentication and authorization.

    WRITE

  • The application can create and update Jira issues, comments, and worklogs. This is   the permission typically required for Sinergify to provide full integration functionality.

                          

  1. Now Jira will generate the OAuth credentials that will include these details. You need to copy the credentials in the Sinergify Admin setting.

  2. Go to the Authentication tab of the Admin Settings (Sinergify app) and select the ‘OAuth 2.0’ tab.

  • Jira Name: Provide your Jira instance Name

  • Jira URL: Provide your Jira instance URL.

  • Call back URL: This field is automatically generated when the Jira URL is entered. The URL follows the format below:

    SalesforceOrgURL+’/apex/Grz_Sf__AuthPage?status=’+SalesforceOrgID+’&instanceUrl=’+Jira instance Url

  • Client ID: Paste the Client Id copied from the OAuth 2.0 application link.

  • Client Secret: Paste the Client Id copied from the OAuth 2.0 application link.

  • Activate Content Header Parameter: Enable the toggle button to authenticate with Google SSO, facilitating single sign-on using Google credentials.

  • Certificate Name:

    • Select the configured self-signed certificate from Salesforce. This certificate secures the communication between Salesforce and Jira and helps maintain a stable connection in environments with proxies or dynamic IP changes.

    • Applicable for Jira On-Premise / Data Center (DC) environments.

    • For detailed certificate creation and configuration, please follow the steps outlined above in this document.

  1. Once done, click ‘Save.’ A new screen will appear, verify the Jira Url and then click ‘Allow’.

  2. A new window will appear on your screen asking you to allow or deny the access.

  3. If allowed, the access token will be shared and saved automatically in Salesforce and the admin page will reload automatically. Please ensure the status is set to Active. If it is not, enable the toggle button.

OAuth 2.0 Authentication(Cloud)

Creating Remote Sites

  1. Jira Instance

    Remote Site Name: Provide a name ‘Jira’.

    Remote Site URL: Enter the URL of your Jira instance to enable secure communication.

  1. Salesforce Instance

    Remote Site Name: Provide a name ‘Salesforce’.

    Remote Site URL: Enter your Salesforce instance URL to ensure seamless integration and communication.

  1. Authentication URL

    Remote Site Name: Provide a name ‘Authentication URL.’.

    Remote Site URL:  https://auth.atlassian.com 

  1. Jira API Integration

    Remote Site Name: Provide a name for the Jira API Integration.

    Remote Site URL: https://api.atlassian.com

Steps to Create and Configure a Jira App

  1. Go to the Jira Developer Console

  2. Click Create and then subscecuentky click on the ‘Oauth 2.0 Authentication’.

  3. Create a new app named ‘Sinergify App’ and click on the Checkbox I agree to be bound by Atlassian's developer terms. Once done click ‘Create’.

     

     

  4. A new app will be created.

  5. Go to the left panel and then Permission and Configure the below highlighted API Scopes.

                 

  6. Add the following required scopes for the Jira API by clicking on Add and selecting them one by one. These scopes are necessary for the integration to function properly:

     

    Required Jira API Scopes

 

 

View Jira issue data

Read Jira project and issue data, search for issues, and objects associated with issues like attachments and worklogs.

read:jira-work

 

View user profiles

View user information in Jira that the user has access to, including usernames, email addresses, and avatars.

read:jira-user

 

Create and manage issues

Create and edit issues in Jira, post comments as the user, create worklogs, and delete issues.

write:jira-work

 



Note

If you want to add additional scopes, ensure that the scope is first added on the Jira side and then configured on the Salesforce side under Custom Settings.

Steps to Configure in Salesforce:

  1. Navigate to Setup in Salesforce.

  2. Search for and open Custom Settings.

  3. Locate and click on JiraSalesforceDetail.

  4. Click on Manage and open the existing record:

    • Record Name: OAuth2ScopesForCloud

  5. In the Value field, add the required scope code (e.g., manage:jira-project).

  6. Save the changes.

Important:

  • The record is already created; you only need to update the Value field.

  • Ensure the scope matches exactly with what is configured on the Jira side to avoid any issues.

For your reference, we have attached an example illustrating how to configure the manage:jira-project scope.

 

 

 

 

 

  1. Go to Authorization from the left panel. Click on the ‘Add’ action.

  2. Once done Add your ‘Consumer Callback URL’. The URL should be in the following format.

SalesforceOrgURL+’/apex/Grz_Sf__AuthPage?status=’+SalesforceOrgID+’&instanceUrl=’+Jira instance Url

 

  For Example:      https://connectorjira-dev-ed.my.salesforce.com/apex/Grz_Sf__AuthPage?Status=00D0o000000Sx8ZEAS&instanceURL=https://sinergify.atlassian.net

  1. Once done click ‘Save Changes’.

  2. Once done click on the setting option from the left panel and then go to Authentication details.

  3. Copy the Client ID and Secret.

  4. Go to the Authentication tab of the Admin Settings (Sinergify app) and select the ‘OAuth 2.0’ tab.

  • Jira Name: Provide your Jira instance Name

  • Jira URL: Provide your Jira instance URL.

  • Call back URL: This field is automatically generated when the Jira URL is entered. The URL follows the format below:

  • SalesforceOrgURL+’/apex/Grz_Sf__AuthPage?status=’+SalesforceOrgID+’&instanceUrl=’+Jira instance Url format.

  • Client ID: Paste the Client Id copied from the OAuth 2.0 app.

  • Client Secret: Paste the Client Id copied from the OAuth 2.0 app.

  • Activate Content Header Parameter: Enable the toggle button to authenticate with Google SSO, facilitating single sign-on using Google credentials.

  • Certificate Name:

    • Select the configured self-signed certificate from Salesforce. This certificate secures the communication between Salesforce and Jira and helps maintain a stable connection in environments with proxies or dynamic IP changes.

    • Applicable for Jira On-Premise / Data Center (DC) environments.

    • For detailed certificate creation and configuration, please follow the steps outlined above in this document.

  1. Select the Jira software - Cloud.

  2. Toggle to make this Jira instance your default Jira instance.

  3. Once done, click ‘Save.’ In the Use App on, add your Jira instance URL and click 'Accept' once done.

  4. A new window will appear on your screen asking you to allow or deny the access

     

  5. If allowed, the access token will be shared and saved automatically in Salesforce and the admin page will reload automatically. Please ensure the status is set to Active. If it is not, enable the toggle button.