Jira Data Center / JRASERVER-77591

As a Jira administrator I would like to configure allow/deny list of user agents for bearer token authentication


Details

    • Suggestion
    • Resolution: Unresolved
    • None
    • Personal Access Tokens
    • None
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Problem Definition

      Personal access tokens have been available in Jira since version 8.14.

      Bearer tokens are an abstraction of the available authentication methods allowing access to Jira protected resources.

      As long as the token is authentic, Jira allows access to protected resources independent of the client that issued the request, including browsers.

      Suggested Solution

      As a Jira administrator, I would like to create a list of allowed and/or denied clients that can authenticate using a bearer token (PAT).
      This could take the form of an allow/deny list of user agents.

      Workaround

      Implement rules on the load balancer (or on a reverse proxy) similar to the following logic:

      • The request has the Authorization request header with the Bearer authentication scheme.
      • The request was made by a client on the list of denied clients (matched by user-agent).
      • If the request matches both of the above, then the LB/Proxy denies the request.
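
      One way to express this rule, shown as an added example that is not part of the original issue or of Atlassian's documentation. It assumes nginx is the reverse proxy in front of Jira; the upstream name and address, the listen port, and the denied user-agent patterns are constructed placeholders.

```nginx
# Place inside the http {} context of nginx.conf.

# Condition 1: the request carries "Authorization: Bearer <token>".
# The scheme name is matched case-insensitively.
map $http_authorization $is_bearer {
    default        0;
    "~*^bearer\s"  1;
}

# Condition 2: the User-Agent is on the deny list.
# Constructed patterns: browser-style agents, which should not be
# presenting a PAT. Replace with the clients you want to refuse.
map $http_user_agent $ua_denied {
    default       0;
    "~*mozilla/"  1;
    "~*chrome/"   1;
}

# Deny only when BOTH conditions hold. Session-cookie logins from
# browsers and PAT use by non-denied clients are left untouched.
map "$is_bearer:$ua_denied" $deny_pat {
    default  0;
    "1:1"    1;
}

upstream jira_backend {
    server 127.0.0.1:8080;   # placeholder Jira node
}

server {
    listen 8081;             # placeholder; use your real listener/TLS setup

    location / {
        if ($deny_pat) {
            return 403;
        }
        proxy_set_header Host $host;
        proxy_pass http://jira_backend;
    }
}
```

      The User-Agent header is supplied by the client, so this rule keeps cooperative clients such as browsers from using bearer tokens; it does not authenticate the client software.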

          People

            Unassigned Unassigned
            tmasutti Thiago Masutti
            Votes: 1
            Watchers: 2
