I am trying to authenticate against Tempo service using API. 

We only have Tempo plugin in Jira, we don’t have an account on tempo.io.

I have admin role on our Atlassian account.

Here are the steps I have taken so far:

1. Create OAuth application at:
   https://xxxxx.atlassian.net/plugins/servlet/ac/io.tempo.jira/tempo-app#!/configuration/identity-service

2. I create a C# API that is hosted on Azure, there is where our redirect URL is pointing to. This service is supposed to make calls to Tempo API.

3. To initiate authentication flow, I go to https://xxxxx.atlassian.net/plugins/servlet/ac/io.tempo.jira/oauth-authorize/?client_id={clientID}&redirect_uri={redirectURL}
   RedirectURL is same as RedirectURL in OAuth application.

4. I successfully open the page where I need to Authorize access for my application to Tempo data.

5. Click “Authorize Access”

6. I get message “Success! Click ''Onwards!'' to connect xxxxx with Tempo” 

7. I click on Onwards.

8. Request is made to my API on Azure i.e. same address defined in Redirect URL
   API receives the “code” for making the request for authentication.

9. Request is made to tempo.io, here is my C# code:
   
   string tokenEndpoint = "https://api.tempo.io/core/3/oauth/token";            

            using var httpClient = new HttpClient();

            using var content = new FormUrlEncodedContent(new Dictionary<string, string>

            {

                { "grant_type", "authorization_code" },

                { "client_id", "{client_id}" },

                { "client_secret", "{client_secret}" },

                { "redirect_uri", "{redirect_uri}" },

                { "code", { received code from Jira authorization request}}

            }); 

Redirect URL is exactly the same as redirectURL in step 3 and registered OAuth application.

10. I get error from

11. As a result, I get an error.

<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html;charset=ISO-8859-1\"/>\n<title>Error 401 Unauthorized</title>\n</head>\n<body>\n<h2>HTTP ERROR 401 Unauthorized</h2>\n<table>\n<tr><th>URI:</th><td>http://core-public.default/api/core/3/oauth/token</td></tr>\n<tr><th>STATUS:</th><td>401</td></tr>\n<tr><th>MESSAGE:</th><td>Unauthorized</td></tr>\n</table>\n<hr/><a href=\"https://jetty.org/\">Powered by Jetty:// 12.0.16</a><hr/>\n\n</body>\n</html>\n

For testing purpose, immediately after above flow I run the same request from Postman:

GET /core/3/oauth/token HTTP/1.1

Host: api.tempo.io

Content-Type: application/x-www-form-urlencoded

Content-Length: 354 

grant_type=authorization_code&client_id={clientID}&client_secret={secret}&redirect_uri={redirectURL}&code={code}

I get the following error:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<HTML>

 

<HEAD>

    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

    <TITLE>ERROR: The request could not be satisfied</TITLE>

</HEAD>

 

<BODY>

    <H1>403 ERROR</H1>

    <H2>The request could not be satisfied.</H2>

    <HR noshade size="1px">

    Bad request.

    We can't connect to the server for this app or website at this time. There might be too much traffic or a

    configuration error. Try again later, or contact the app or website owner.

    <BR clear="all">

If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.

    <BR clear="all">

    <HR noshade size="1px">

    <PRE>

Generated by cloudfront (CloudFront)

Request ID: xxxxx

</PRE>

    <ADDRESS>

    </ADDRESS>

</BODY>

 

</HTML>

Please help, thank you.