Authentication across the Atlassian Ecosystem - AtlasCamp 2011
“Integration and Authentication”
Mark Lassau, Team Lead, JIRA Engine Room
Engine Room Team
• Work on JIRA's core
• DB, performance, Business Logic…
• Maintain the JIRA Service API
• Build the JIRA REST API
“Integration and Authentication”
Talking to external applications from your plugin
Dealing with OAuth
Non-Atlassian applications
Custom Authentication schemes
“Introduction to Application Links”
What is “Application Links”?
• a.k.a “App Links”, APL, UAL (Unified App Links)
• By itself – nothing – just an enabling library
• Helps you write plugins that can talk to external systems
Common configuration UI
• Consistent look and feel
• Shared configuration makes administration easier
• One less thing for plugin devs to write
What else do we get?
• Out of the box Authentication providers
• Factories to help plugins make authenticated remote requests
• Modular and extendable
“Using Application Links in a plugin”
Show me the code!
Using App Links in a Plugin
• Use the ApplicationLinkService to get an ApplicationLink
• Get a RequestFactory that will add appropriate authentication data
How easy is this?
• Create your HTTP request
• Execute it and parse the results!
Except …
… the CredentialsRequiredException
• If we are not able to authenticate yet
• This is mostly about OAuth
“Authentication in App Links”
Configuring Authentication methods
• The admin sets up zero or more authentication providers
• Plugins usually accept the “preferred” method, but can request a specific one
Available Authentication providers
• Basic Authentication
• Trusted Applications
• OAuth
• (+ Custom Authentication Providers)
Basic Authentication
• Basic Auth sends a weakly encoded user/pass with every request
• Single credentials shared with all users
• Send every request over HTTPS to secure it
Basic Auth – the Good
• Simple to configure
• You may want to use shared credentials?
Basic Auth – the Bad
• Shared credentials
• Storing passwords is bad, mkay?
Trusted Applications
• Atlassian proprietary protocol
• Provides “impersonating” authentication
• Assumes the user bases are exactly the same in both apps
Trusted Apps – the Good
• Respects users' privileges on external app
• Doesn't require a shared password
• No further authorisation required by users
• No special code required by plugins
Trusted Apps – the Bad
• Will only connect to other Atlassian applications
• Only works for shared userbases
OAuth
• Standards-based authorisation protocol
• Provides “impersonating” authentication
• Allows a user to grant third party access to external resources without sharing their password
OAuth - the Good
• Standard protocol used by many 3rd party systems
• No storing of foreign passwords
• Allows disparate user bases
• User can grant and revoke access to their resources
OAuth - the Bad
• User must explicitly grant access to their resources
• Plugins must implement the UI logic to gain access
“A bit about OAuth”
Three-Legged OAuth
(the “OAuth Love Triangle”)
The OAuth Dance
User has not approved access yet
The OAuth Dance
User must authenticate with the remote application
The OAuth Dance
User grants the “client” access to her resources on the remote application.
The OAuth Dance
The first application can now access data from the remote application.
The OAuth Dance – behind the scenes
• Client gets temporary request token from Server
• Client redirects User to the Server with the request token
• User authenticates with Server
• User grants access to resources and is redirected back to Client
• Client exchanges request token for Access Token
• Client can now access resources on Server on behalf of User!
“Doing the OAuth Dance”
Back to writing our plugin
The happy path
• Retrieve remote data and display to user
Dealing with CredentialsRequired
• We need to send the user to the remote server
• We supply a callback URL to come back to us when they are finished
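The dance steps listed under “behind the scenes” and the CredentialsRequired handling above, as an added example that is not code from the talk or from Application Links. It is a toy in-memory model of token state only (no request signing); the names `Server`, `Client` and `CredentialsRequired` are hypothetical.

```python
import secrets

class CredentialsRequired(Exception):  # the user has not approved access yet
    def __init__(self, request_token):
        super().__init__("user approval needed")
        self.request_token = request_token

class Server:
    """Toy service provider (hypothetical): token state only, no signing."""
    def __init__(self, resources):
        self.resources = resources   # remote user -> protected data
        self.request_tokens = {}     # request token -> approving user (None = pending)
        self.access_tokens = {}      # access token -> remote user

    def issue_request_token(self):
        token = secrets.token_hex(8)
        self.request_tokens[token] = None
        return token

    def authorize(self, token, remote_user):
        # Runs after the user logged in to the Server; the Client never sees the password.
        if token not in self.request_tokens:
            raise PermissionError("unknown request token")
        self.request_tokens[token] = remote_user

    def exchange(self, token):
        user = self.request_tokens.get(token)
        if user is None:
            raise PermissionError("request token unknown or not approved")
        del self.request_tokens[token]   # request tokens are single use
        access = secrets.token_hex(16)
        self.access_tokens[access] = user
        return access

    def get_resource(self, access):
        if access not in self.access_tokens:
            raise PermissionError("invalid or revoked access token")
        return self.resources[self.access_tokens[access]]

    def revoke(self, remote_user):
        self.access_tokens = {t: u for t, u in self.access_tokens.items() if u != remote_user}

class Client:
    def __init__(self, server):
        self.server, self.pending, self.access = server, {}, {}

    def fetch(self, local_user):
        if local_user not in self.access:
            self.pending[local_user] = self.server.issue_request_token()
            raise CredentialsRequired(self.pending[local_user])
        return self.server.get_resource(self.access[local_user])

    def callback(self, local_user):
        # User is back from the Server: swap the request token for an access token.
        self.access[local_user] = self.server.exchange(self.pending.pop(local_user))
```

The local user name held by `Client` and the remote user name held by `Server` are independent, which is how OAuth allows disparate user bases.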
“Custom Application Types”
Connecting to non-Atlassian Apps
Why Create a Custom Application Type?
Creating a custom Application Type
• Simpler, more professional configuration
Why Create a Custom Application Type?
• Control the available Authentication Providers
• Can use custom Authentication Providers
Why Create a Custom Application Type?
• More professional look
• Implement the heartbeat ping
atlassian-plugin.xml
Implement ApplicationType
Implement ManifestProducer...
Implement Manifest …
Implement Manifest … authentication types
Implement Manifest … mostly boilerplate
“Custom Authentication Providers”
atlassian-plugin.xml
Creating a custom Authentication Provider
AuthenticationProviderPluginModule - Custom UI
Custom config is inserted as an iframe
Storing the configuration settings
• AuthenticationConfigurationManager is provided for you
• Stores and retrieves arbitrary configuration
AuthenticationProviderPluginModule
• Creating an authentication provider
• We are going to use the SAL RequestFactory as a helper
AuthenticationProvider
• Returns a RequestFactory that will add authentication data
• Can be “impersonating” or “non-impersonating”
• Wrapping the SAL RequestFactory makes life easy
ApplicationLinkRequestFactory
• Use SAL RequestFactory to create a vanilla request
• Add headers (or whatever) in order to add authentication info
The circle is complete!
• Remember the old “authenticated request factory”?
TAKE-AWAYS
App Links makes talking to external servers easy
OAuth is not as scary as it sounds
Specialist Application Types can be created
We can handle any authentication scheme
Thank you!
More Reading
Application Links Documentation: http://confluence.atlassian.com/display/APPLINKS/
App Links Developer docs: https://developer.atlassian.com/display/APPLINKS/
Example Twitter App Link: http://blogs.atlassian.com/developer/2011/06/unified_applinks_integration_without_the_hassle_-_part_1.html
OAuth 1.0 Guide: http://hueniverse.com/oauth/