Read both older "key" and newer "accountId" identifiers from JIRA during authentication

Summary:
Depends on D21022. Ref T13493. The JIRA API has changed from using "key" to identify users to using "accountId".

By reading both identifiers, this linkage "just works" if you run against an old version of JIRA, a new version of JIRA, or an intermediate version of JIRA.

It also "just works" if you run old JIRA, upgrade to intermediate JIRA, everyone refreshes their link at least once, then you upgrade to new JIRA.

This is a subset of cases and does not include "sudden upgrade to new JIRA", but it's strictly better than the old behavior for all cases it covers.

Test Plan: Linked, unlinked, and logged in with JIRA. Looked at the "ExternalAccountIdentifier" table and saw a sensible value.

Maniphest Tasks: T13493

Differential Revision: https://secure.phabricator.com/D21023

src/applications/auth/adapter/PhutilJIRAAuthAdapter.php

@@ -22,12 +22,33 @@ final class PhutilJIRAAuthAdapter extends PhutilOAuth1AuthAdapter {
     return $this->jiraBaseURI;
   }
 
-  public function getAccountID() {
+  protected function newAccountIdentifiers() {
     // Make sure the handshake is finished; this method is used for its
     // side effect by Auth providers.
     $this->getHandshakeData();
 
-    return idx($this->getUserInfo(), 'key');
+    $info = $this->getUserInfo();
+
+    // See T13493. Older versions of JIRA provide a "key" with a username or
+    // email address. Newer versions of JIRA provide a GUID "accountId".
+    // Intermediate versions of JIRA provide both.
+
+    $identifiers = array();
+
+    $account_key = idx($info, 'key');
+    if ($account_key !== null) {
+      $identifiers[] = $this->newAccountIdentifier($account_key);
+    }
+
+    $account_id = idx($info, 'accountId');
+    if ($account_id !== null) {
+      $identifiers[] = $this->newAccountIdentifier(
+        sprintf(
+          'accountId(%s)',
+          $account_id));
+    }
+
+    return $identifiers;
   }
 
   public function getAccountName() {