Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Unresolved
Priority: Low
Fix Version/s: None
Affects Version/s: 8.14.0, 8.20.0, 9.0.0, 9.4.0, 9.12.0, 9.15.0
Component/s: Documentation - All, Personal Access Tokens
Labels:
None

Introduced in Version:
8.14
Support reference count:
1
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Problem Definition

While Bitbucket and Bamboo have their own PAT implementation, Jira and Confluence share the same code base through a plugin.

There's a public document on https://success.atlassian.com/solution-resources/agile-and-devops-ado/platform-administration/how-to-secure-jira-and-confluence-rest-api-calls-in-data-center stating:

These tokens are to be used for REST API calls only, they cannot be used to log in to the product UI.

While this is true for the design implementation on Bamboo and Bitbucket, this wasn't an implementation decision for Jira and Confluence.

Although there's no in-product UI to allow user authentication with a token, the solution doesn't filter out requests from a browser.

Suggested Solution

The document should be clear to which product that statement is true and provide more details on how it would work on Jira and Confluence

Attachments

Activity

People

Assignee:: Tomasz Prus

Reporter:: Thiago Masutti

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 30/Apr/2024 11:21 AM

Updated:: 01/May/2024 4:04 AM