Skip to main content
Skip table of contents

Application link & OAuth1.0a

What is an application link?

The application link is the technical feature to connect an external application to Jira with OAuth 1.0a.

Basically you can imagine an application link as a door to Jira. You open it to allow the app to get access to your instance - and you can close it anytime when it is not needed anymore.

This way your user and your data stay safe. You might have noticed: when using Confluence (or any other Atlassian product) next to Jira, it is also connected with an application link.

First and most important: we never get in touch with your user’s passwords.

The same password might be used elsewhere. Using the application link with oAuth, we get a separate token from Jira for each user that is using the app. And every request is signed with a one-time token making replay attacks by a man-in-the-middle impossible.

Secondly, it is a well-known Jira standard technology and it works with most SSO solutions.

And lastly, you can always delete the application link (= close the door) and all accesses are invoked. This gives you full control just in case something bad happens.

When is the application link used?

JIRA CLOUD For Jira Cloud, the application link is only used to connect the Outlook addin with Jira. All other features are using OAuth 2.

JIRA SERVER For Jira Server, the application link with OAuth1.0a is the only authentication method available. So every request made to the instance is using this application link. This is for the Outlook app, the Teams app as well as the Jira UI. This means, every user is required to sign in with OAuth1.0a when using the app.

Where are the OAuth1.0a tokens stored?

For the Outlook addin, the token is stored within the mailbox of the corresponding user.

For other apps, the token is securely and encrypted stored on yasoon server to have access on behalf of the user.

Incoming authentication

One special thing about the application link created for Outlook Email for Jira: it is only an incoming link.

Usually an application link has an outgoing and incoming part, which makes a lot of sense when you want to connect another application like Confluence.

In the case of Outlook Email for Jira, it only needs one direction: Read and write data from Outlook to Jira. At no time, Outlook Email for Jira sends data to external servers automatically or any external service gets access to your Jira system.

Troubleshooting

Issues in upgrade report

SERVER ONLY

The latest Jira upgrades come with an dedicated upgrade report. They run a kind of health check after the upgrade to see if everything has worked correctly.

Most of the time, the application link for Outlook Email for Jira will raise a warning. You can safely ignore it.
It recognizes that the URL for the application link is not a valid one. This is intended as the application link is only inbound and used by all Outlook clients to connect to Jira. Where should the URL point to?

Warnings in the log files

SERVER ONLY

Some customers reports some warnings in the log files like this:

CODE
Registering failure for stream provider <Application Link Name> due to error other

This is also caused by the incoming-only application link.
Again, you can safely ignore them.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.