Credentials

The supported authentication methods are:

  1. OAuth2
    1. Grant Types 
      1. Authorization Code
      2. Implicit
      3. Resource Owner Password Credentials
      4. Client Credentials
  2. Basic Auth
  3. Bearer Token


OAuth2

How to create

Click on authentications (lock symbol) and select Type: OAuth2 


The fields shown in the OAuth authentication option depend on the Grant Type. The remote system dictates which Grant Type to use.

Grant Types 

  1. Authorization Code
  2. Implicit
  3. Resource Owner Password Credentials
  4. Client Credentials


Authorization Code

The Authorization Code grant type is used by confidential and public clients to exchange an authorization code for an access token.

After the user returns to the client via the redirect URL, the iHub will get the authorization code from the URL and use it to request an access token.

Step 1. Add new authentication

  1. Select Grant Type Authorization Code
  2. Copy the Callback url from iHub authentication UI

Step 2. Register iHub in the remote App

  1. Paste the Callback url into the remote app
  2. Copy & Paste the client id and client secret into the iHub Authentication configuration

The remote app will display a client id and client secret when doing this step. 

Step 3. Enter Authorize, Access Token url and Scope

The remote application needs to specify two URLs and a scope.

  1. Authorize url - used to obtain the user's consent and grant the authorization code
  2. Access token url - used for exchanging the authorization code for an access token. This happens behind the scenes when the systems interact.
  3. Scope - used to determine which resources iHub gets access to.
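
How the fields configured in Steps 1 to 3 map onto the two requests of the flow, as an added example in Python (not iHub's own code). It follows the standard OAuth2 authorization code grant (RFC 6749); all URLs, the client id and secret, and the scope are constructed sample values, and the function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample values; none of these come from iHub or a real remote app.
AUTHORIZE_URL = "https://remote.example/oauth/authorize"
TOKEN_URL = "https://remote.example/oauth/token"
CALLBACK_URL = "https://ihub.example/oauth/callback"
CLIENT_ID = "sample-client-id"
CLIENT_SECRET = "sample-client-secret"
SCOPE = "read:tickets"


def build_authorize_url():
    """Return (url, state): the consent URL and the random state bound to it."""
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": CALLBACK_URL,
        "scope": SCOPE,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def code_from_callback(callback, expected_state):
    """Extract the authorization code, rejecting errors and forged callbacks."""
    params = parse_qs(urlsplit(callback).query)
    if "error" in params:
        raise ValueError(f"authorization refused: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch, callback not tied to this request")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]


def build_token_request(code):
    """Return (url, form body) for the server-side POST to the access token URL."""
    return TOKEN_URL, urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": CALLBACK_URL,  # must match the registered callback URL
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,  # sent only server to server
    })
```

The client secret appears only in the token request, which never passes through the user's browser; the state value is what ties a returning callback to the consent request that started it.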


Implicit

The Implicit grant type is a simplified flow that can be used by public clients, where the access token is returned immediately without an extra authorization code exchange step.

Resource Owner Password Credentials

The Password grant type is used by first-party clients to exchange a user's credentials for an access token.

Since this involves the client asking the user for their password, it should not be used by third-party clients. In this flow, the user's username and password are exchanged directly for an access token.


Client Credentials

The Client Credentials grant type is used by clients to obtain an access token outside of the context of a user.

This is typically used by clients to access resources about themselves rather than to access a user's resources.


Authorization Code with assertion (Azure DevOps)

A special type to support Microsoft Azure and DevOps.


OAuth remote apps how-tos





Basic Auth

Basic auth includes these fields:

  • Name - name of the authentication setting. It is displayed in the dropdown of the request authentication list.
  • User name - the user name for logging in to the application
  • Password - the password for logging in to the application

Bearer Token

How to create

Click on authentications (lock symbol) and select Type: Bearer Token


Bearer token includes these fields:

  • Name - name of the authentication setting. It is displayed in the dropdown of the request authentication list.
  • Bearer Token - the token for logging in to the application

Custom Header

A custom header is a reusable credential object that masks the password value of the header.

This is usually used for headers such as:

  • x-auth-token: secret
  • my-token: secret 


The example below shows how we set it up using a status page with a custom header.


Custom headers are then selected in the Authentication drop-down of the Action.