Is it possible to integrate with connected app's REST api only providing Okta credentials?

Hi everyone

I’ve tried to find an answer to this in the documentation and this forum but I’m still not sure how to accomplish what we need, I’m hoping it’s possible and that someone can point me in the right direction.

Basically the question is, let’s say I have an Okta account with an Atlassian account linked. Is it possible for me to create a web interface (php / Laravel) that will make use of the SSO to authenticate a user, and after authenticating with Okta, is it then possible for me to make use of the Jira REST API of the connected app? Does Okta provide some sort of bridge between their api and connected app’s apis?

Essentially, if a connected app has it’s own REST api, is it possible to authenticate to it and perform api calls with the user only having to provide their Okta login details, and our system never needing to know the user’s details for said connected app?

I would really appreciate any input on this.

Thanks in advance

Does JIRA support configuring it so you can talk to its API with an OAuth 2.0 access token? If so, it should be possible to setup a front end that retrieves the access token from Okta, then uses it to communicate with JIRA’s API.

Thanks for the insight @mraible much appreciated, I’ll have a look at the documentation to see if the services we want to implement support OAuth2.0

Hi @mraible

I’m hitting a roadblock and some assistance would be appreciated.

Jira does have OAuth2.0 for their API, but I must still be doing something wrong.

From my app I authenticate the user with okta, which returns me the access token.

I then attempt to use this access token in a request to the JIRA api but I get a 401 response stating the client must be authenticated to access this resource.

Could you please assist with this? I’m happy to provide more information if needed.

Thanks

How are you sending your access token to JIRA? It should be in an Authorization header and be prefixed with “Bearer “. I’m guessing you’ll also need to do some configuring in JIRA to make it Okta-aware. In most cases, that likely
involves setting an issuer and a client ID somewhere.

Matt Raible

https://twitter.com/mraible

https://developer.okta.com/blog

Hi @mraible

I am indeed sending it as the Bearer token, I’ve linked the Atlassian Jira cloud app and set up SAML which is working, but I must still be missing something because it’s still rejecting my api calls

I can authenticate with the auth server on our org via our software, it returns back the access_token and id_token, and if I then attempt to use this access_token as the bearer token on calls to Jira it tells me the client needs to be authenticated first (which is what I thought the initial login was for).

I’m clearly missing something else here I just don’t know what.

This is the flow I’m using in our app: https://developer.okta.com/authentication-guide/implementing-authentication/auth-code

Everything in that high level overview is as it should be, except the last bullet point which reads

Your application can now use these tokens to call the resource server (for example an API) on behalf of the user.

EDIT: Turns out what I want to achieve is regarded as a custom integration, I found what you were referring to in jira, to authorize access, so I’m taking that route for now. Thanks for the input

@peanut we are facing the same issue. Could you please provide some more context on how you fixed this issue?
Thanks!