  1. Jira Data Center
  2. JRASERVER-77687

PAT documentation may be missing important information for administrators

Details

    Description

      Problem Definition

      The PAT documentation for Jira and Confluence can be found at Using Personal Access Tokens.
      When it comes to design, features and limitations, this document hasn't been updated for quite some time.

      Suggested Solution

      Update the document to provide more details on the design of PAT for Jira and Confluence.
      It might be important to give some focus to security.

      For example, some topics that could be discussed in the document:

      • The token bypasses any MFA mechanism from their SSO.
      • The token allows access to any path and is not restricted to only /rest methods.
      • There's a limitation in which users authenticating with a PAT won't have an entry added to the audit log.
      • While there's no in-product form to allow authentication on the browser, adding it to the request header allows access from a browser.

      Current list of issues (features and bugs): https://jira.atlassian.com/issues/?jql=project%20in%20(JRASERVER%2C%20CONFSERVER)%20AND%20component%20%3D%20%22Personal%20Access%20Tokens%22%20and%20resolution%20%3D%20unresolved%20order%20by%20created

          People

            a803384f6b1d Tomasz Prus
            tmasutti Thiago Masutti