Details
Suggestion
Resolution: Unresolved
Description
Problem Definition
Personal Access Tokens (PATs) have been available in Jira since version 8.14.0.
As part of the implementation from JRASERVER-72019, authentication with a PAT is allowed on any endpoint rather than being restricted to /rest.
Suggested Solution
As a Jira administrator, it would be great to have a way to configure and limit PAT authentication to selected endpoints.
It could be either an option in the UI or a system property that accepts a list of endpoints and/or regular expressions.
Workaround
Use the load balancer or the reverse proxy to limit access to specific endpoints when the Authorization: Bearer request header is used.
Administrators may want to consider an API token solution from the Atlassian Marketplace: https://marketplace.atlassian.com/search?hosting=dataCenter&product=jira&query=api%20token
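One way to apply the reverse proxy workaround, shown for nginx. This is an added example, not configuration from Atlassian or from this issue. The server name, certificate paths, upstream address, the root context path and the choice of /rest/ as the only prefix where Bearer credentials are accepted are assumptions to adapt.

```nginx
# Place inside the http {} context of the proxy in front of Jira.

# 1 when the request carries a Bearer credential (the scheme is case-insensitive).
map $http_authorization $pat_bearer {
    default       0;
    "~*^bearer "  1;
}

# 1 when the path is on the allow-list for PAT authentication.
# $uri is the decoded, dot-segment-normalized path as nginx sees it.
# ';' is excluded because a servlet container may treat ";..." as a path
# parameter and resolve the path differently from the proxy; such requests
# fall through to default 0 and are refused when they carry a Bearer header.
map $uri $pat_path_allowed {
    default          0;
    "~^/rest/[^;]*$" 1;
}

# Reject only the combination "Bearer header present" + "path not allowed".
# Cookie/session and Basic requests are not affected by this rule.
map "$pat_bearer:$pat_path_allowed" $pat_reject {
    default 0;
    "1:0"   1;
}

server {
    listen 443 ssl;
    server_name jira.example.com;                      # assumed hostname
    ssl_certificate     /etc/nginx/tls/jira.crt;       # placeholder path
    ssl_certificate_key /etc/nginx/tls/jira.key;       # placeholder path

    location / {
        if ($pat_reject) { return 403; }

        proxy_pass http://127.0.0.1:8080;              # assumed Jira upstream
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The rule only holds if clients cannot reach the Jira connector directly, so the upstream port should accept connections from the proxy alone. If Jira runs under a context path such as /jira, the allow-list pattern needs that prefix.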