We try to implement an add-on with ACE. The add-on needs to consume an 3rd party REST API.
To logon to the 3rd party REST API it needs specific user / password credentials. If the logon successful, an cookie sessionid will be created and this sessionid needs to pass for each request to the 3rd party REST API in the request header.
The idea is that the user needs to login over the login dialog inside the add-on and the cookie sessionid and other 3rd party REST API user specific information should me stored in confluence user profile properties.
That means the add-on needs to be handle multiuser-sessions and run on serveral conflucence instance.
How can i do that ?
Community moderators have prevented the ability to post new answers.
Hi @Lutz Bliska,
This is the sort of situation where OAuth 2 would be very useful, but I'm assuming this 3rd party service doesn't offer it.
I think you'd need to ask the user for their login / password then pass them on to the service on their behalf, and store the cookie in the user entity properties and / or some kind of caching service like memcached or redis. You won't be able to intercept the cookie if the user logs in directly, because that's the exact sort of thing browsers and web protocols are designed to prevent.
The fact that you're doing it for several confluence instances shouldn't matter, as long as you're using some kind of unique identifier for storing the cookies.
It's more a question of your specific app's needs and architecture, but I hope those rough guidelines help.
Cheers,
James
Hi @James Hazelwood
Thank you for your support.
Yes James, you are right , there is no OAuth 2 service available on the 3rd party side.
Are the user entity properties also available for confluence add-ons based on ACE ?
Beacuse in the docs they are listed under JIRA section https://developer.atlassian.com/static/connect/docs/latest/modules/jira/entity-property.html
In case yes, do they have any limitations like max 100 entity properties available ? Or this kind of entity properties available per atlassian-user ?
So when the add-on will be used by 101 atlassian-user at the same time it won't be crash somewhere ?
At least can you please provide me an example/documentation how to implement some kind user-specifc entity propertiy
Thank you once again
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
One additional question:
how do i test the session handling ? because i can only have one free user in my confluence-dev instance. Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ah, you're right I'm afraid, user properties are only supported in JIRA at the moment, so you'll probably need to use your own datastore / caching service. As long as you include the clientkey of the host, you won't need to worry about collisions between users with matching names on different hosts.
As for testing the session handling, dev instances provide:
So you've got multiple users to test with.
Happy developing!
James
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @James Hazelwood, may be do you have an idea of this issue ? Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.