I have a back-end application running in AWS. It reads some events and, based on internal logic, from time to time it decides to create a new Jira issue (or update an existing issue). It already works well for me with my Jira personal access token.
I want to replace my personal access token with some other impersonal token, because:
- I should not be the creator of these issues. They are not created by any real user, but by the backend application.
- I also do not want to give the backend application all the permissions which I have as a user in Jira. For the backend application it is enough to create and update issues in two projects.
- It is also against our internal company policy to use personal credentials for autonomous server applications.
Now it is possible only via a custom-made Forge application, which is overkill, because to be able to call the existing Jira REST API with an impersonal token, I need to:
- Introduce a new technology (JavaScript) to our technology stack (my apps are written in Go, but a Forge app needs JavaScript).
- Build a new intermediary layer which defines a new API (web-triggers) and translates it to the existing Jira REST API.
- Implement the authentication on the new API (web-triggers) myself.
- Deploy this new component (the Forge app) to a different cloud (Jira cloud instead of AWS, which is our company standard) using a different process.
It is too much work for a simple REST API call.
I can generate the access JWT token with client_credentials specified and with the correct scope, but the JWT token is rejected by APIs that the token definitely has the scope for.
Validated the decoded JWT's scope and it should be right. Is 3LO required even when assigning an OAuth app the correct scope on the developer portal and generating a JWT token with the correct scope?