Authentication across the Atlassian Ecosystem - AtlasCamp 2011

How can you get your Atlassian products to use the same authentication and sign-on as the rest of your enterprise apps? We'll show you strategies for accomplishing this with the minimum amount of pain.

Mark Lassau, JIRA Developer

Published in: Technology

  1. 2. Integration and Authentication. Mark Lassau, Team Lead, JIRA Engine Room
  2. 3. Engine Room Team <ul><li>Work on JIRA's core</li><li>DB, performance, Business Logic…</li><li>Maintain the JIRA Service API</li><li>Build the JIRA REST API</li></ul>
  3. 4. Integration and Authentication <ul><li>Talking to external applications from your plugin</li><li>Dealing with OAuth</li><li>Non-Atlassian applications</li><li>Custom Authentication schemes</li></ul>
  4. 5. Introduction to Application Links
  5. 6. Introduction to Application Links: What is “Application Links”? <ul><li>a.k.a. “App Links”, APL, UAL (Unified App Links)</li><li>By itself – nothing – just an enabling library</li><li>Helps you write plugins that can talk to external systems</li></ul>
  6. 7. Introduction to Application Links: Common configuration UI <ul><li>Consistent look and feel</li><li>Shared configuration makes administration easier</li><li>One less thing for plugin devs to write</li></ul>
  7. 8. Introduction to Application Links: What else do we get? <ul><li>Out of the box Authentication providers</li><li>Factories to help plugins make authenticated remote requests</li><li>Modular and extendable</li></ul>
  8. 9. Using Application Links in a plugin
  9. 10. Using App Links in a Plugin: Show me the code! <ul><li>Use the ApplicationLinkService to get an ApplicationLink</li><li>Get a RequestFactory that will add appropriate authentication data</li></ul>
  10. 11. Using App Links in a Plugin: How easy is this? <ul><li>Create your HTTP request</li><li>Execute it and parse the results!</li></ul>
  11. 12. Using App Links in a Plugin: Except … the CredentialsRequiredException <ul><li>If we are not able to authenticate yet</li><li>This is mostly about OAuth</li></ul>
  12. 13. Authentication in App Links
  13. 14. Authentication in App Links: Configuring Authentication methods <ul><li>The admin sets up zero or more authentication providers</li><li>Plugins usually accept “preferred” method, but can request a specific one</li></ul>
  14. 15. Authentication in App Links: Available Authentication providers <ul><li>Basic Authentication</li><li>Trusted Applications</li><li>OAuth</li><li>(+ Custom Authentication Providers)</li></ul>
  15. 16. Authentication in App Links: Basic Authentication <ul><li>Basic Auth sends a weakly encoded user/pass with every request</li><li>Single credentials shared with all users</li><li>Send every request over HTTPS to secure it</li></ul>
  16. 17. Authentication in App Links: Basic Auth – the Good <ul><li>Simple to configure</li><li>You may want to use shared credentials?</li></ul>
  17. 18. Authentication in App Links: Basic Auth – the Bad <ul><li>Shared credentials</li><li>Storing passwords is bad, mkay?</li></ul>
  18. 19. Authentication in App Links: Trusted Applications <ul><li>Atlassian proprietary protocol</li><li>Provides “impersonating” authentication</li><li>Assumes the user bases are exactly the same in both apps</li></ul>
  19. 20. Authentication in App Links: Trusted Apps – the Good <ul><li>Respects users' privileges on external app</li><li>Doesn't require a shared password</li><li>No further authorisation required by users</li><li>No special code required by plugins</li></ul>
  20. 21. Authentication in App Links: Trusted Apps – the Bad <ul><li>Will only connect to other Atlassian applications</li><li>Only works for shared userbases</li></ul>
  21. 22. Authentication in App Links: OAuth <ul><li>Standards-based authorisation protocol</li><li>Provides “impersonating” authentication</li><li>Allows a user to grant third party access to external resources without sharing their password</li></ul>
  22. 23. Authentication in App Links: OAuth - the Good <ul><li>Standard protocol used by many 3rd party systems</li><li>No storing of foreign passwords</li><li>Allows disparate user bases</li><li>User can grant and revoke access to their resources</li></ul>
  23. 24. Authentication in App Links: OAuth - the Bad <ul><li>User must explicitly grant access to their resources</li><li>Plugins must implement the UI logic to gain access</li></ul>
  24. 25. A bit about OAuth
  25. 26. A bit about OAuth: Three-Legged OAuth (the “OAuth Love Triangle”)
  26. 27. A bit about OAuth: The OAuth Dance <ul><li>User has not approved access yet</li></ul>
  27. 28. A bit about OAuth: The OAuth Dance <ul><li>User must authenticate with the remote application</li></ul>
  28. 29. A bit about OAuth: The OAuth Dance <ul><li>User grants the “client” access to her resources on the remote application.</li></ul>
  29. 30. A bit about OAuth: The OAuth Dance <ul><li>The first application can now access data from the remote application.</li></ul>
  30. 31. A bit about OAuth: The OAuth Dance – behind the scenes <ul><li>Client gets temporary request token from Server</li><li>Client redirects User to the Server with the request token</li><li>User authenticates with Server</li><li>User grants access to resources and is redirected back to Client</li><li>Client exchanges request token for Access Token</li><li>Client can now access resources on Server on behalf of User!</li></ul>
  31. 32. Doing the OAuth Dance: Back to writing our plugin
  32. 33. Doing the OAuth Dance: The happy path <ul><li>Retrieve remote data and display to user</li></ul>
  33. 34. Doing the OAuth Dance: Dealing with CredentialsRequired <ul><li>We need to send the user to the remote server</li><li>We supply a callback URL to come back to us when they are finished</li></ul>
  34. 35. Custom Application Types: Connecting to non-Atlassian Apps
  35. 36. Creating a custom Application Type: Why Create a Custom Application Type? <ul><li>Simpler, more professional configuration</li></ul>
  36. 37. Creating a custom Application Type: Why Create a Custom Application Type? <ul><li>Control the available Authentication Providers</li><li>Can use custom Authentication Providers</li></ul>
  37. 38. Creating a custom Application Type: Why Create a Custom Application Type? <ul><li>More professional look</li><li>Implement the heartbeat ping</li></ul>
  38. 39. Creating a custom Application Type: atlassian-plugin.xml
  39. 40. Creating a custom Application Type: Implement ApplicationType
  40. 41. Creating a custom Application Type: Implement ManifestProducer...
  41. 42. Creating a custom Application Type: Implement Manifest …
  42. 43. Creating a custom Application Type: Implement Manifest … authentication types
  43. 44. Creating a custom Application Type: Implement Manifest … mostly boilerplate
  44. 45. Custom Authentication Providers
  45. 46. Creating a custom Authentication Provider: atlassian-plugin.xml
  46. 47. Creating a custom Authentication Provider: AuthenticationProviderPluginModule - Custom UI
  47. 48. Creating a custom Authentication Provider: Custom config is inserted as an iframe
  48. 49. Creating a custom Authentication Provider: Storing the configuration settings <ul><li>AuthenticationConfigurationManager is provided for you</li><li>Stores and retrieves arbitrary configuration</li></ul>
  49. 50. Creating a custom Authentication Provider: AuthenticationProviderPluginModule <ul><li>Creating an authentication provider</li><li>We are going to use the SAL RequestFactory as a helper</li></ul>
  50. 51. Creating a custom Authentication Provider: AuthenticationProvider <ul><li>Returns a RequestFactory that will add authentication data</li><li>Can be “impersonating” or “non-impersonating”</li><li>Wrapping the SAL RequestFactory makes life easy</li></ul>
  51. 52. Creating a custom Authentication Provider: ApplicationLinkRequestFactory <ul><li>Use SAL RequestFactory to create a vanilla request</li><li>Add headers (or whatever) in order to add authentication info</li></ul>
  52. 53. Creating a custom Authentication Provider: The circle is complete! <ul><li>Remember the old “authenticated request factory”?</li></ul>
  53. 54. <ul><li>App Links makes talking to external servers easy</li><li>OAuth is not as scary as it sounds</li><li>Specialist Application Types can be created</li><li>We can handle any authentication scheme</li></ul>
  54. 55. Thank you!
  55. 56. More Reading <ul><li>Application Links Documentation: http://confluence.atlassian.com/display/APPLINKS/</li><li>App Links Developer docs: https://developer.atlassian.com/display/APPLINKS/</li><li>Example Twitter App Link: http://blogs.atlassian.com/developer/2011/06/unified_applinks_integration_without_the_hassle_-_part_1.html</li><li>OAuth 1.0 Guide: http://hueniverse.com/oauth/</li></ul>
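
The six "behind the scenes" steps of the OAuth dance on slide 31, modelled as token state on both sides. This is an added example, not code from the deck or from Application Links. The class and method names are hypothetical, `CredentialsRequired` only stands in for the deck's `CredentialsRequiredException`, and request signing and consumer registration are left out.

```python
import secrets

class CredentialsRequired(Exception):
    """Stand-in for the deck's CredentialsRequiredException: no access token yet."""
    def __init__(self, request_token):
        super().__init__("user must authorise at the server")
        self.request_token = request_token

class Server:
    """Remote application; passwords and resources never leave it."""
    def __init__(self, passwords, resources):
        self._passwords, self._resources = passwords, resources
        self._pending = {}   # request token -> user who granted it (None until then)
        self._access = {}    # access token -> user

    def issue_request_token(self):                       # step 1
        token = secrets.token_urlsafe(16)
        self._pending[token] = None
        return token

    def authorize(self, request_token, user, password):  # steps 3 and 4
        expected = self._passwords.get(user)
        if request_token not in self._pending or expected is None \
                or not secrets.compare_digest(expected, password):
            raise PermissionError("authorisation refused")
        self._pending[request_token] = user

    def exchange(self, request_token):                   # step 5
        user = self._pending.get(request_token)
        if user is None:
            raise PermissionError("request token not authorised")
        del self._pending[request_token]                 # single use
        token = secrets.token_urlsafe(16)
        self._access[token] = user
        return token

    def get_resource(self, access_token):                # step 6
        if access_token not in self._access:
            raise PermissionError("invalid or revoked access token")
        return self._resources[self._access[access_token]]

    def revoke(self, access_token):
        self._access.pop(access_token, None)

class Client:
    """The plugin side: it stores tokens only, never the remote password."""
    def __init__(self, server):
        self.server, self.tokens = server, {}

    def fetch(self, local_user):
        if local_user not in self.tokens:
            raise CredentialsRequired(self.server.issue_request_token())
        return self.server.get_resource(self.tokens[local_user])

    def finish_dance(self, local_user, request_token):   # callback URL handler
        self.tokens[local_user] = self.server.exchange(request_token)
```

Step 2, the redirect, is whatever the caller does with `request_token` after catching `CredentialsRequired`. The user then calls `Server.authorize` directly, so the password never passes through `Client`.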