Configure OAuth 2.0 for Jira iOS

このページの内容

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

This feature is available for iOS only because Android supports client certificates out of the box. Both Mobile Device Management (MDM) and non-MDM users can use this feature.

Starting from Jira Data Center iOS mobile app 2.0, you can use the OAuth 2.0 authentication flow to:

  • improve your Jira’s security
  • セッションの復元を改善する
  • Fast IDentity Online 2 (FIDO2) やその他の証明書ベースの認証標準をサポートする

はじめる前に

The Jira Data Center iOS mobile app acts as the OAuth client, while Jira itself is the OAuth provider API. The iOS app uses an authorization code with the Proof Key for Code Exchange (PKCE) flow.

OAuth 2.0 は次の Jira バージョンとの互換性を持ちます。

  • Jira 9.12.14 以降の場合、OAuth プラグイン 3.1.14 以降を使ってください。
  • Jira 10.1.0 以降の場合、OAuth プラグイン 4.1.0 以降を使ってください。

Mobile Device Management (MDM) setup 

To use the OAuth 2.0 flow with the MDM setup, first you need to configure OAuth, and then integrate it with your instance.

OAuth 2.0 を設定する

To configure OAuth 2.0 for MDM, create an incoming Application link:

  1. Go to Settings, then Application, and then Application links.
  2. [リンクを作成] を選択し、以下のプロパティを使用します。
    1. [Application type (アプリ タイプ)] では [外部アプリ]
    2. [方向] では [受信]
  3. [続行] を選択します。次のページでは、以下のプロパティのみを使用します。
    1. Redirect URL: jira-server://oauth-callback
    2. 権限: WRITE
  4. 変更を保存します。

Jira will generate the OAuth credentials that include these details. More about configuring incoming links

After Jira generates the OAuth credentials, pre-populate site URLs on the login screen.

If MDM is already set up for Jira Data Center iOS mobile app, make sure you have the following configuration for the site details.

[
{ "title": "My Jira Site", "baseURL": "https://jira.example.com"}
]

OAuth 2.0 を統合する

To integrate OAuth with your instance, use the configuration below:

  • For the clientID , use the Application link you’ve just created.
  • The value cacheSessionInMobileBrowser is a Bool flag(true or false) indicating whether the mobile browser utilized for authentication should be cached.
[
{ "title": "My Jira Site", "baseURL": "https://jira.example.com", "oauth": { "clientID": "your_clientID", "cacheSessionInMobileBrowser": false } }
]

Save your changes. Before deploying the app configuration updates to your users, we recommend accessing the Jira Data Center mobile app on a device to ensure the details are accurately captured. You'll get an error if the app can't display your sites list. 

非モバイル デバイス管理 (MDM) のセットアップ

In case you want to use the OAuth 2.0 flow without MDM, you can use Jira Mobile plugin for passing client credentials. Make sure you use this feature with the compatible Jira version:

  • For Jira 9, use Jira Mobile Plugin 4.2.0 or later.
  • For Jira 10, use Jira Mobile Plugin 5.1.2 or later.

Client credentials will be passed via this endpoint: [base-url]/rest/nativemobile/1.1/info/login.
Make sure that the info/login endpoint is unauthenticated in your environment. If your instance has a reverse proxy that redirects unauthenticated requests, you’ll need to use the MDM setup.

In this scenario, you don’t need to create an Application link manually. Instead, Jira Mobile Plugin will do everything by itself. To activate OAuth 2.0 without MDM:

  1. Go to Settings, then System, and then Jira mobile app.
  2. [OAuth 2.0] を有効化します。

Now, the iOS devices will use the OAuth 2.0 protocol.

最終更新日 2024 年 9 月 30 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.