I’m building an app using Atlassian’s Forge platform to build an extension for Jira. I need the extension to talk with a Django site and API I’ve created and host that uses Auth0.
Forge apps support OAuth2 authentication with external sources via a providers configuration in the manifest.yml file for the app. From the docs, it appears OAuth2 without the client secret is the only configuration they currently support.
I’ve tried to configure my forge app to talk with my Auth0 dev instance with the following yaml:
providers: auth: - key: auth0 name: Auth0 scopes: - openid - profile - email - offline_access - https://<subdomain>.us.auth0.com/userinfo - https://<subdomain>.us.auth0.com/oauth/revoke - https://<subdomain>.us.auth0.com/oauth/token - https://<subdomain>.us.auth0.com/authorize type: oauth2 clientId: <client_id> remotes: - auth0-apis bearerMethod: authorization-header actions: authorization: remote: auth0-apis path: /authorize queryParameters: connection: "github" exchange: remote: auth0-apis path: /oauth/token resolvers: accessToken: access_token accessTokenExpires: expires_in refreshToken: refresh_token revokeToken: remote: auth0-apis path: /oauth/revoke retrieveProfile: remote: auth0-apis path: /userinfo resolvers: id: sub displayName: email
All I get on the Auth0 side is a 401 Unauthorized during Token Exchange but no info about what the actual issue with the request was. I presume it’s potentially an issue with the scope but don’t really know for sure. There’s no documentation about how to hook up an Atlassian Forge app to Auth0 as an external auth provider. I’d be happy to document the process if I can get it working