Unlicensed Users in Jira Service Managment are not able to Authorize OAuth Apps

Summary

Jira Service Management has a robust API that can be utilized in order to query relevant details. Although normally this is utilized by Agents, aka licensed users, some customizations render a need for customers (aka non-licensed users in JSM), to utilize the same endpoints available.  These users might not have credentials to access the JSM environment directly and therefore would have to rely on the three-legged-oauth method to try to obtain an access token then utilize the available endpoints.

Ultimately, Customers are unable to Authorize an Oauth app in JSM and therefore cannot leverage the REST API endpoints available

Environment

>=4.20.11

Diagnosis

When Agents try to follow the Oauth Dance in JSM, authorize  > request token  > get token  , they are able to successfully generate an Access Token and query JSM's REST API endpoint.

When a customer tries to do the same they do not see the Oauth Consent Screen to authorize the action, and are redirected back to the JSM. The customer workflow looks like this: authorize  > login to idp  > redirected to portal in JSM

Cause

Customers are not able to authorize the oauth app in JSM and therefore cannot complete the oauth dance. Without a valid access token they cannot query JSM's REST API endpoints. This is a limitation of the Oauth plugin in Jira.

Solution

The only work around is to license the customer so that they can complete the oauth workflow.