I’m building an app using Atlassian’s Forge platform to build an extension for Jira. I need the extension to talk with a Django site and API I’ve created and host that uses Auth0.
Forge apps support OAuth2 authentication with external sources via a providers configuration in the manifest.yml file for the app. From the docs, it appears OAuth2 without the client secret is the only configuration they currently support.
I’ve tried to configure my Forge app to talk with my Auth0 dev instance with the following YAML:
providers:
  auth:
    - key: auth0
      name: Auth0
      scopes:
        - openid
        - profile
        - email
        - offline_access
        - https://<subdomain>.us.auth0.com/userinfo
        - https://<subdomain>.us.auth0.com/oauth/revoke
        - https://<subdomain>.us.auth0.com/oauth/token
        - https://<subdomain>.us.auth0.com/authorize
      type: oauth2
      clientId: <client_id>
      remotes:
        - auth0-apis
      bearerMethod: authorization-header
      actions:
        authorization:
          remote: auth0-apis
          path: /authorize
          queryParameters:
            connection: "github"
        exchange:
          remote: auth0-apis
          path: /oauth/token
          resolvers:
            accessToken: access_token
            accessTokenExpires: expires_in
            refreshToken: refresh_token
        revokeToken:
          remote: auth0-apis
          path: /oauth/revoke
        retrieveProfile:
          remote: auth0-apis
          path: /userinfo
          resolvers:
            id: sub
            displayName: email
All I get on the Auth0 side is a 401 Unauthorized during Token Exchange, but no info about what the actual issue with the request was. I presume it’s potentially an issue with the scope but don’t really know for sure. There’s no documentation about how to hook up an Atlassian Forge app to Auth0 as an external auth provider. I’d be happy to document the process if I can get it working.