How Stretch Simplified Jira REST API Access with OAuth SSO
Stretch, a long-standing miniOrange customer, streamlined REST API authentication in Jira by leveraging access tokens generated during Single Sign-On (SSO). With miniOrange’s customized OAuth SSO and REST API plugins, Stretch eliminated the need for separate API tokens, ensuring secure, seamless, and efficient access management.

Stretch’s Business Challenge
Stretch wanted to simplify authentication for Jira REST APIs while maintaining enterprise-grade security.
Authenticating REST APIs Without New Tokens: Stretch’s Challenge
As an existing user of the miniOrange Jira OAuth SSO plugin, Stretch already used Identity Provider (IdP)-based Single Sign-On for user authentication. However, they needed a way to:
- Reuse the OAuth access token obtained during Jira SSO for REST API authentication.
- Avoid forcing users to generate and manage separate API tokens.
- Ensure all API calls remain secure and validated directly with the IdP.
Without such a solution, developers and admins faced unnecessary complexity, and IT had to maintain multiple authentication flows.
How miniOrange Helped Solve Stretch’s Challenge
miniOrange enhanced the Jira OAuth SSO plugin and REST API plugin to create a secure, token-reuse workflow. This allowed Stretch to authenticate REST API calls directly using the SSO-issued access token, eliminating duplicate token management.
OAuth SSO Token Reuse for REST API Access
Here’s how the solution worked:
- SSO Login: When a user logged into Jira, the OAuth SSO plugin redirected them to the IdP for authentication.
- Token Storage: Upon successful login, the IdP’s access token was securely encrypted and stored by the OAuth SSO plugin.
- Token Reuse: When the user called the Jira REST API, the encrypted token was passed with the request, and our REST API plugin retrieved and decrypted it.
- API Access: Access was granted only after successful token validation, ensuring secure and seamless API interaction.
Thus, Stretch was able to securely reuse tokens, directly tying REST API access to the user’s authenticated SSO session.
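The validation step in the flow above, sketched as an added example (this is not miniOrange's plugin code). It assumes the IdP exposes an RFC 7662 token introspection endpoint and returns a `username` claim that matches the Jira user; the function names and sample tokens are hypothetical.

```python
import base64
import time
import urllib.parse

def build_introspection_request(token, client_id, client_secret):
    """RFC 7662 request: form-encoded POST; here the client uses HTTP Basic."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}",
               "Content-Type": "application/x-www-form-urlencoded",
               "Accept": "application/json"}
    body = urllib.parse.urlencode({"token": token,
                                   "token_type_hint": "access_token"})
    return headers, body

def authorize_api_call(token, session_user, introspect, now=None):
    """Return (allowed, reason). `introspect` is a callable(token) -> dict that
    sends the request above to the IdP; any failure denies the call."""
    now = time.time() if now is None else now
    try:
        claims = introspect(token)
    except Exception:
        return False, "introspection_unavailable"  # fail closed, never open
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return False, "token_inactive"             # revoked, unknown or malformed
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or exp <= now):
        return False, "token_expired"
    if claims.get("username") != session_user:
        return False, "subject_mismatch"           # token issued to someone else
    return True, "ok"

# Constructed sample responses standing in for the IdP, so this runs offline.
SAMPLE_IDP = {
    "tok-alice": {"active": True, "username": "alice", "exp": 2_000_000_000},
    "tok-revoked": {"active": False},
    "tok-old": {"active": True, "username": "alice", "exp": 1_000},
}

def fake_introspect(token):
    # RFC 7662: an unknown token is reported as inactive, not as an error.
    return SAMPLE_IDP.get(token, {"active": False})

if __name__ == "__main__":
    for tok, user in [("tok-alice", "alice"), ("tok-alice", "bob"),
                      ("tok-revoked", "alice"), ("tok-old", "alice")]:
        print(tok, user, authorize_api_call(tok, user, fake_introspect,
                                            now=1_700_000_000))
```

Binding the token's subject to the calling Jira user is what keeps a token that is valid for one user from authorizing API calls made as another.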
Success Outcome: Secure APIs Without Extra Tokens
With miniOrange, Stretch was able to:
- Reduce complexity by reusing SSO tokens instead of managing new API tokens.
- Enhance security with token encryption and live validation via IdP introspection.
- Automate access so users could call REST APIs without extra steps or credentials.
- Improve efficiency for developers and admins by standardizing authentication flows.
About Stretch
Stretch is a European technology and consulting company specializing in Atlassian solutions and enterprise IT services. With a focus on simplifying complex processes, Stretch partners with global organizations to deliver efficient, secure, and scalable technology solutions.