►
From YouTube: OAuth flow for Jira connect experiment
Description
Follow up of https://www.youtube.com/watch?v=n7TrvSlBKbw
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66919
A
Hey
after
our
last
pairing
session,
we
want
to
try
to
implement
the
os
flow
for
jira
connect
on
on
the
back
end
side
and
yeah,
see
how
far
we
get.
We
have
an
idea
for
the
static
callback
url
to
implement
a
little
basic
controller
that
just
redirects
back
to
the
atlassian
namespace,
and
we
will.
The
idea
was
to
get
the
namespace
from
the
from
the
jot
that
atlassian
has
and
then
we
would
then
put
in
this
date
so
yeah.
I
tried
that.
A
I
did
it
on
the
admin
area,
because
I
think,
if
we
do
that,
for
example,
if
you
do
that
on
gitlab.com,
we
don't
need
to
ask
the
user
to
create
an
application
for
themselves.
We
can
just
use
this
application
for
everyone
right
and
it
has
this
static
url.
I
call
it
your
connect
of
callbacks
and
yeah,
so
we'll
be
using
this
to
redirect
them
to
atlassian.
So
from
from
this
page,
we
go
to
the
os
flow.
A
Oauth
flow
will
then
go
to
my
controller
and
my
controller
will
figure
out
the
namespace
and
then
yeah
redirect
basically
and
contain
the
code
that
we
receive
from
from
the
oauth
flow
right.
So
one
one
little
problem
I
found
was
that
those
apps
they
have
like
a
secret
key
and
we
need
to
know
the
secret
key
or
basically
also
the
the
app
client
id,
but
I
can
show
that
so
this
is
my
oauth
flow
link.
A
There
we
go
so
this
part
is
the
link
right,
then
client
id.
So
this
is
the
app
id
and,
like
I
said,
for
gitlab.com
we
can
have
a
have
an
app
we
can
just
yeah
create
in
the
admin
area,
and
then
we
can
basically
hard
code
this
app
id,
but
for
self
manage
instance.
We
need
to
ask
the
self-managed
admins
or
users
to
create
an
app
and
we
need
to
have
a
way
to
enter
this
client
id
somewhere,
but
yeah.
We
can
figure
this
out
later.
A
I
guess
right
redirect
uri
that
matches
the
the
one
I
specified
on
the
admin
area
and
then
I
added
the
scope
thing.
Oh
no
scope
is
the
the
scope
that
we
want
api.
This
is
what
I
added
state,
and
so
this
has
the
jw
the
job
token
at
least
partially.
So
the
first
part
is
the
jot
token
and
we
can
decode
the
the
jot
and
then
find
the
name
space.
But
what
we
can't
find
is
the
is
the
path
to
to
this
page.
A
A
And,
as
you
can
see,
I'm
back
on
jira-
and
this
is
the
code
that
we
got
from
from
the
oauth
flow
just
to
prove-
let's
see
if
we
can
find
it
here
right.
This
is
the
authorized
page.
This
is
the
controller
I
wrote
of
callbacks,
and
this
would
then
figure
out
the
right
namespace
and
redirect
me
back
and
also
it
appends
the
the
code
to
the
url
all
right
using
this
code.
We
can
basically,
then
fetch
a
token
from
gitlab.
A
We
need
the
code
and
we
also
need
the
app
secret
and
I
guess
the
thicket
can
be
hard
coded
somewhere
too
and
yeah.
I
guess
for
self-managed
instances.
We
also
need
a
way
to
add
this.
Maybe
we
can
build
some
automatic
setup
yeah,
but,
like
I
said
we
can
figure
this
out
later:
cool
yeah.
That's
it
thanks
for
watching.