Open issues

Order by Priority
  1. Suggestion
    ECO-892Allow users without "Edit Issue" permission to enable/disable jira:issuePanel module
  2. Suggestion
    ECO-275Mail handler: recognise topic by subject and not only by ticket number
  3. Suggestion
    ECO-1021Increase the number of allowed files for resource bundles
  4. Suggestion
    ECO-1019Please add require("global-agent/bootstrap"); to support corporate proxy environments
  5. Suggestion
    ECO-1000Lack of Public API to Retrieve Jira Product Editions and Installed Apps
  6. Suggestion
    ECO-470Usage statistics for third party apps
  7. Suggestion
    ECO-985Provide analytics for third-party apps usage across Jira Cloud
  8. Suggestion
    ECO-1018Include a query parameter on the request: PUT - Update custom field value
  9. Suggestion
    ECO-1017Inconsistent Attachment Tracking Across Transition Experiences and Project Types
  10. Suggestion
    ECO-1014Improved "forge version bulk-upgrade" logging
  11. Suggestion
    ECO-1004Do not increase the minor version when there is no code or manifest.yml file changes
  12. Suggestion
    ECO-838asUser API requests for JSM portal only (customer account) users
  13. Suggestion
    ECO-1010Increase the maximum number of items to return per page
  14. Suggestion
    ECO-95Client Credential Grant Flow for OAuth 2.0 for external OAuth2 apps
  15. Suggestion
    ECO-1005Forge Confluence Global Settings Children Pages
  16. Suggestion
    ECO-1003Forge Confluence Global Page Children Pages
  17. Suggestion
    ECO-1002Enable UI Modification (UIM) Support for Jira List View (Issue Navigator)
  18. Suggestion
    ECO-926Support the usage of both invoke() and invokeRemote() in a forge module
  19. Suggestion
    ECO-957Forge workflow validator function does not receive configuration in payload during Jira issue transitions
  20. Suggestion
    ECO-1001Allow geolocation permission in Forge iFrame
  21. Suggestion
    ECO-998Allow removal of remotes without triggering major version.
  22. Suggestion
    ECO-466Ability to export the list of Connected apps and provide information about authentication method used by apps.
  23. Suggestion
    ECO-917Support for Hidden or Non-Discoverable Macros in Forge
  24. Suggestion
    ECO-920Support for Non-Discoverable or Hidden Global Pages in Forge
  25. Suggestion
    ECO-997Allow paths to be declared dynamically for Forge providers.
  26. Suggestion
    ECO-996Ability to track custom entity storage via Atlassia Developer Console
  27. Suggestion
    ECO-315App Usage for Jira Cloud
  28. Suggestion
    ECO-994Ability to add a link to an app directly inside Jira Navigation
  29. Suggestion
    ECO-993Upgrade Forge to React 19
  30. Suggestion
    ECO-489 The new workflow editor should support validators and conditions provided by third-party apps.
  31. Suggestion
    ECO-914Forge to support displaying external pages that requires user authentication through browser/Frontend
  32. Suggestion
    ECO-991Add a new entry point for issue view opened by app
  33. Suggestion
    ECO-74Integrate organizations Rest API into Forge
  34. Suggestion
    ECO-87Allow Forge app scopes to be optional when product isn't available
  35. Suggestion
    ECO-283OAuth 2.0 with Proof Key for Code Exchange (PKCE)
  36. Suggestion
    ECO-792Provide an option to automatically adjust the forge bridge modal size based on its content.
  37. Suggestion
    ECO-629As an app developer, I want to trigger a Rovo Agent from a Forge function
  38. Suggestion
    ECO-421Improve error messaging for permission related issue panel action
  39. Suggestion
    ECO-987Custom colors for UI Kit elements like lozenges
  40. Suggestion
    ECO-984Forge: Missing parent Field in avi:jira:deleted:issue Event Payload
  41. Suggestion
    ECO-986Enable non-admin support for jira:workflowPostFunction in Forge
  42. Suggestion
    ECO-982Add Native Binary (BLOB) Support in Forge SQL SDK
  43. Suggestion
    ECO-981Allow a Forge JQL function fragment from a custom JQL function to invoke another custom JQL function
  44. Suggestion
    ECO-980Allow a Forge JQL function fragment from a custom JQL function to invoke another custom JQL function
  45. Suggestion
    ECO-244As a site or org admin, I want to be able to use the apps when logged in as another user
  46. Suggestion
    ECO-965Forge Storage should be part of the Atlassian-provided Backup & Restore capabilities
  47. Suggestion
    ECO-472Lower pop-up prompt when including Jira tickets in a Confluence Cloud page
  48. Suggestion
    ECO-900As a Forge developer, I would like to emit cross-app events.
  49. Suggestion
    ECO-85It should be documented how the connect app user and groups work and how changing default product access groups can break apps
  50. Suggestion
    ECO-963Granular Permission Management for Connect Users Across Atlassian Products
Refresh results
35 of 538
Uploaded image for project: 'Atlassian Ecosystem'
  1. Atlassian Ecosystem
  2. ECO-283

OAuth 2.0 with Proof Key for Code Exchange (PKCE)

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      User Problem

      I’m developing a desktop application (in C# / .NET) that needs to use the Jira Cloud REST API on a user's behalf.

      I was reading this article about OAuth 2.0 (3LO) which explains how to use Authorization Code grant flow. However, in this article, we're using a Client Secret to exchange the authorization code for an access token.

      Since my application is a desktop application, it should be considered as a public (non-confidential) client. All application's binaries and files are copied into local file system. Since they can be easily decompiled and inspected by anyone having an access to file system, desktop applications should not contain any secrets.

      Suggestion Solution

      Desktop applications should use Authorization Code grant flow with PKCE extension to authorize user and to avoid storing any secrets on user's device.

      This request is to ask for the PKCE extension to be added to the Authorization Code grant flow for the Jira Cloud Rest API.

      Current Workaround

      A possible work-around (less than ideal user experience), is that each of user generates their own client id & secret, stores it in their local environment, and then your app can mediate the authorization code flow using those unique credentials.

      Additional Note

      Please note that the public suggestion OAUTH20-2491 logged for PKCE explicitly mentions an on-prem Jira version. Atlassian treats bugs separately for Cloud vs Server/DC. As such, I'm logging this new feature request specifically for Cloud.

      Also, this request doesn't concern Forge and Connect apps. However, there is no suitable component available. I was forced to select a Forge and Connect component.

            No work has yet been logged on this issue.

              Unassigned Unassigned
              ebb98b719f06 François Chartrand
              Votes:
              24 Vote for this issue
              Watchers:
              14 Start watching this issue

                Created:
                Updated: