Instructions on how to configure an API Token with Scopes for Jira Authentication

[jade-fbu]

Is your feature request related to a problem? Please describe.
When authenticating the extension with Jira Cloud sites where the user's authentication method is SSO using Google, the extension asks for an API token.

When creating an API Token in the Atlassian interface, there is a warning with the following details:

API tokens without scopes are being deprecated
We encourage creating the more secure API tokens with scopes whenever possible.

It's not clear what Scopes should be applicable to an API Token to use with the AtlasCode extension for authenticating with Jira.

Describe the solution you'd like

• Provide details in the extension of what API Token Scopes are needed for AtlasCode's Jira connection.
• Have a preconfigured scopes option for the extension visible in the API Tokens interface.

Describe alternatives you've considered

• Change the AtlasCode Jira authentication to use OAuth similar to the AtlasCode BitBucket authentication.

Additional context

Jira Authentication and attempting to create an API Token with Scopes

---

Outcome of Bitbucket authentication, not requiring an API Token

[cabella-dot]

Hey @jade-fbu, thank you for raising this issue! Just one question:

Are you working in a remote environment? If not, you should be able to authenticate using OAUTH for Jira. If you could provide your environment and extension version, that would be very appreciated!

Also, after some digging we found that the scopes Jira uses are these:

[sdzh-atlassian]

Hi @jade-fbu, thanks again for raising this with us!

On scopes - they are a relatively new thing in Atlassian API tokens, and that login option is actually implemented with the old API tokens in mind, which since recently live here:

The scopes @cabella-dot lists above is what we use for the OAuth authentication. They can be selected when minting an API token - but I've ran into some issues trying to actually use the new scoped tokens when testing this just now 🤔 We'll look into it a bit further

Would you mind elaborating a bit on your development setup? There should be an option for using OAuth against JIRA - but it only works when the extension is run locally, unfortunately - at least at the moment

[jade-fbu]

@sdzh-atlassian trying to use the extension in a remote container.
In the Jira Authentication panel when I enter the appropriate Jira top level URL, it only gives me the API Token entry fields.