Aha Needs to Utilize JIRA API Token Based Authentication, Not Basic HTTP, for the JIRA Integration

Update: https://support.aha.io/hc/en-us/articles/360027065111-April-19-2019-Jira-authentication-update

If you are using JIRA cloud then you can use the Aha! plugin which does use Oauth for authentication: https://marketplace.atlassian.com/plugins/io.aha.connect/cloud/overview.

For on-premise JIRA systems the Oauth based authentication that JIRA offers would typically be desirable, however because of the architecture of JIRA it doesn't make sense for the integration with Aha!. Each JIRA instance operates completely independently of other JIRA instances - this is in contrast to other cloud based tools, like Salesforce, where there is central administrative control for all instances. This means that each Aha! user who wants to configure an Oauth integration between Aha! and JIRA also needs to create a consumer application within JIRA and share the secret for that consumer with Aha!. This secret is equivalent to the password being used for basic authentication - so there is no security advantage in using Oauth. With other SaaS applications (like Salesforce) only a single consumer application is required for all Aha! customers to share, and so the secret is only shared once. This means that the benefits of Oauth (like limited token lifetime) do actually add a benefit.

As a consequence we do not plan to support Oauth for JIRA on premise. We believe the the current basic authentication over HTTPS approach is just as secure when used with a dedicated JIRA service account.