  1. Jira Software Data Center
  2. JSWSERVER-14953

Inconsistent behavior of enabling or disabling "Allow User Impersonation"


    Description

      1. Development Panel:
      In this documentation: https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Code+Development+Tools
      it is stated that you will need to disable user impersonation for the Development Panel to work:

      You may need to reconfigure the application link(s) between JIRA and the other applications. To enable the integration features, each application link must use 2-legged OAuth (without user impersonation) for both incoming and outgoing authentication.

      This is not accurate because I was able to get it working, with or without User Impersonation.

      ============================

      2. User Authentication for OAuth
      According to the documentation: https://confluence.atlassian.com/display/APPLINKS/Configuring+Authentication+for+an+Application+Link

      Impersonating authentication types make requests on behalf of the user who is currently logged in. People will see only the information that they have permission to see. This includes OAuth and Trusted Applications authentication.

      Take the following example: (I tested this with JIRA 6.2.6 and Confluence 5.4.4. Impersonation is enabled in Confluence's incoming OAuth authentication)

      1. Let's say I am trying to link a Confluence page in a JIRA issue via the Link Confluence page option.
      2. I have User_A in JIRA and User_B in Confluence.
      3. As User_A, I click on the "authenticate" button in JIRA to authenticate with Confluence.
      4. I log in as User_B.
      5. Token is approved and I can now link the page without problems.

      In this case, how does enabling Impersonation make any difference? The docs say that we should be authenticating as User_A, because that is the user that I am currently logged in as in JIRA. User_A has no token in Confluence because the token was approved for User_B anyway.

      As a test, I disabled user impersonation again, and the behavior is exactly the same as having it enabled. I still can approve tokens for other users etc.

            People

              Unassigned
              Daniel Leng (dleng, Inactive)
              Votes: 3
              Watchers: 8
