Uploaded image for project: 'Atlassian Ecosystem'
  1. Atlassian Ecosystem
  2. ECO-143

Add an authorization URL containing both classic and granual scopes for OAuth 2.0 (3LO) apps in Developer Console

XMLWordPrintable

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Currently for OAuth 2.0 (3LO) applications, the Authorization URL Generator in the developer console creates two specific URLs regarding scopes:

      • One containing granular scopes.
      • Another containing classic scopes.

      Therefore, in this feature request, it would be useful to app developers to have an URL which contains both the classical and granular scopes, in other words, a merger of URLs automatically.

          Form Name

            [ECO-143] Add an authorization URL containing both classic and granual scopes for OAuth 2.0 (3LO) apps in Developer Console

            Tony Chu added a comment -

            Hi,

            Why such merger is necessary...

            Granular permission scopes are just too "granular" that some of the APIs from https://developer.atlassian.com/cloud/jira/platform/rest/v3/intro/#version would need multiple (sometimes more than a dozen) granular scopes for a single call, while a couple of classic permission scopes can already cover.

            Not to mention if a classic scope is specified, such as "read:jira-work", a huge amount of APIs are covered. 

            But those APIs from https://developer.atlassian.com/cloud/jira/software/rest/intro/#introduction do not support classic permission scopes.

            So if a program (like mine) needs to call various REST APIs but some of them do not support classic scopes, I am forced to use a hybrid combination of both scope styles when setting the OAuth app, but it would generate 2 URLs which I cannot use both, because none of the URL covers all the scopes. And manually editing the URL is error-prone, which I think the developer console could do better than human on such mundane job.

            Tony Chu added a comment - Hi, Why such merger is necessary... Granular permission scopes are just too "granular" that some of the APIs from https://developer.atlassian.com/cloud/jira/platform/rest/v3/intro/#version would need multiple (sometimes more than a dozen) granular scopes for a single call, while a couple of classic permission scopes can already cover. Not to mention if a classic scope is specified, such as "read:jira-work", a huge amount of APIs are covered.  But those APIs from https://developer.atlassian.com/cloud/jira/software/rest/intro/#introduction do not support classic permission scopes. So if a program (like mine) needs to call various REST APIs but some of them do not support classic scopes, I am forced to use a hybrid combination of both scope styles when setting the OAuth app, but it would generate 2 URLs which I cannot use both, because none of the URL covers all the scopes. And manually editing the URL is error-prone, which I think the developer console could do better than human on such mundane job.

              Unassigned Unassigned
              d6427b6fb657 Guilherme Bueno (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: