Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-2439

The OAuth 2.0 3LO app should respect the IP allowlist

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • IP Allowlisting
    • None
    • 1

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Summary:

      Oauth2.0 (3LO) is currently being bypassed.
      From the Atlassian public doc here https://support.atlassian.com/security-and-access-policies/docs/specify-ip-addresses-for-product-access/  it says:
      We also don't apply your IP allowlist restrictions to the following:

      • Application links that use 2LO
      • Connect applications
      • Forge apps with 2LO and 3LO

      Which means at this moment Oauth2.0 (3LO) is currently being bypassed.

      Suggestion:

      • The OAuth 2.0 3LO app should respect the IP allowlist. 

              4d9dba30f631 Minnerva Zou
              3197e8dfe34b Kadie Aasar
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: