OAuth account or OAuth direct?



I’m looking for a bit of design guidance around authentication.

I’m contemplating an app that will integrate with Atlassian JIRA. JIRA support OAuth authentication when configured for specific apps.

The API (using https://www.npmjs.com/package/jira-connector) requires an OAuth access token, secret and consumer and private keys.

I can imagine two ways to implement this:

  • Use password accounts in Meteor and implement the OAuth dance using the example as per https://www.npmjs.com/package/jira-connector. Store the tokens and keys in the database and use them during access.
  • Implement a new accounts type that lets the user directly authenticate with JIRA and then use the information from what authentication in the API calls.

Which approach is most practical? Is it possible to access the OAuth details if I write a custom service?



So, assuming #2, are there any examples of using Meteor OAuth with a public/private key pair as part of the OAuth request?

https://bitbucket.org/atlassian_tutorial/atlassian-oauth-examples/src/d625161454d1ca97b4515c6147b093fac9a68f7e/nodejs/app.js?at=default points at some example code, but it’s all a bit confusing to me still.