OAuth 2.0

[marlinpierce]

I am creating this issue for a request client which supports OAuth 2.0.

[marlinpierce]

I have work in progress for writing such a Request Client. I have it to a POC level. When I have a viable prototype I'll create a draft PR.

I created this issue to track discussion about such an implementation.

[marlinpierce]

We use OAuth 2.0 for our Jira server. We have yet been passing the Access Token in a bearer authentication header as an additional default header. My RequestClient code uses the oauth2 gem to make calls to Jira.

[marlinpierce]

I became busy so this will not be ready for the next release, 0.2.4. I will work on having it ready, with enough time for review and discussion, by the end of 2024, to be ready for the 0.2.5 release.

[InbaKrish]

For the workaround I have followed the below for OAuth2 token based API authentication,

class JiraClient
  def initialize(token)
    headers = { 'Authorization' => 'Bearer ' + token }
    options = {
      site: 'https://api.atlassian.com',
      auth_type: :basic,
      default_headers: headers,
      context_path: '',
      rest_base_path: '/ex/jira/' + ENV['ATLASSIAN_CLOUD_ID'] + '/rest/api/2',
    }
    @client = JIRA::Client.new(options)
  end
end

The token required above is fetched from the Atlassian OAuth2 client using atlassian OAuth2 provider,

SCOPES = %w[
read:me
read:account
read:jira-work
read:jira-user
write:jira-work
]

OmniAuth.config.allowed_request_methods = [:get, :post]

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :atlassian_oauth2, ENV['ATLASSIAN_CLIENT_ID'], ENV['ATLASSIAN_CLIENT_SECRET'],
    scope: SCOPES.join(' '),
    prompt: "consent"
end

with 'omniauth-atlassian-oauth2' gem.

@marlinpierce you approve of this approach, I'm prepared and interested in starting to work on the contribution.

[marlinpierce]

We have been using that work around with OAuth 2.0. There is a fix merged into the next release which fixes using the default headers for multipart request.

I do have code started which sets the token in the Bearer header. That code has more too, such as making the Access Request to get the Access Token.

I'll work on it during our end of year break at work. It is almost ready to submit for review and testing.