- Type: Suggestion
- Resolution: Unresolved
- Component/s: REST API
Issue Summary
Many organizations’ information security standards prohibit the use of Basic authentication for application integrations. Internal and external applications that must integrate with Jira Align via the REST API often cannot use Basic authentication (username + API token over Basic).
As a result, machine-to-machine or app-to-app integrations with Jira Align can be blocked where Basic auth is disallowed. Development work relying on the Jira Align API may be stalled until a compliant, modern authentication method is available.
Example use case:
- Microsoft Power Apps → Jira Align (REST API) integration, where Power Apps needs to call Jira Align programmatically.
Today, Jira Align’s REST API only supports Basic authentication, which is considered non‑compliant with many enterprise security policies and out of step with modern industry standards.
Current behavior
- Jira Align REST API access is limited to Basic authentication (username + API token).
- No first‑class support for modern, standards‑based auth flows for machine‑to‑machine or delegated user access.
This creates a blocker for organizations with strict security controls that disallow Basic auth for integrations.
Expected / Required behavior
Provide a supported, modern authentication flow for Jira Align API access that is compatible with common enterprise security requirements. For example:
- OAuth 2.0 client credentials (machine‑to‑machine)
  - Ability to configure confidential clients (e.g., integration apps or services).
  - Scoped access to Jira Align resources via access tokens.
  - No reliance on user passwords or Basic auth.
- OAuth 2.0 authorization code + refresh token (delegated user access)
  - End users can grant access to Jira Align data with explicit scopes.
  - Integrations can use access tokens and refresh tokens instead of Basic auth.
- OIDC support (for identity) combined with OAuth 2.0 for authorization
  - Standards‑based identity and authorization flow aligning with modern IdP setups.
- Or another Atlassian‑approved modern alternative
  - Any supported authentication mechanism that is not Basic auth and is recognized as modern and secure per industry standards and typical enterprise security policies.
Impact
- Organizations that prohibit Basic auth cannot build or deploy compliant integrations with Jira Align when Basic auth is the only option.
- This blocks automation and integration scenarios (such as internal applications and low‑code/no‑code platforms) that rely on secure, standards‑based authentication.
Request
Please add support for modern, standards‑based authentication (such as OAuth 2.0 and/or OIDC) for Jira Align REST API integrations and document recommended patterns for:
- Machine‑to‑machine/API access, and
- Delegated user access with granular scopes.
- duplicates JIRAALIGN-5648 Jira Align Security Deficiency no 14 : Jira Align to support Oauth 2.0 for both exposing and consuming APIs
- Gathering Interest