  1. Jira Data Center
  2. JRASERVER-77688

As a Jira administrator I would like to configure which paths are allowed to be accessed with personal access tokens

Details

    • Suggestion
    • Resolution: Unresolved
    • None
    • Personal Access Tokens
    • None

    Description

      Problem Definition

      Personal Access Tokens (PATs) have been available in Jira since version 8.14.0.
      As part of the implementation from JRASERVER-72019, authentication with a PAT is allowed on any endpoint and is not restricted to /rest.

      Suggested Solution

      As a Jira administrator, it would be great to have a way to configure and limit PAT authentication to selected endpoints.
      It could be either an option in the UI or a system property that allows adding a list of endpoints and/or regexes.

      Workaround

      Use the load balancer or the reverse proxy to limit access to specific endpoints when the Authorization: Bearer request header is used.
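
One way to apply this workaround with nginx as the reverse proxy (an added example, not part of the original ticket or Atlassian's configuration): requests carrying an Authorization: Bearer header are rejected unless the path is under /rest/. The host name, upstream address, certificate paths and a root ("/") Jira context path are assumptions.

```nginx
# Added example: allow PAT (Authorization: Bearer) requests only under /rest/.
# The map and upstream blocks belong in the http {} context. Host name,
# upstream address, certificate paths and the "/" context path are assumptions.

# 1 when the request presents a Bearer token (scheme matched case-insensitively).
map $http_authorization $pat_request {
    default        0;
    "~*^bearer "   1;
}

# 1 when the normalized path is on the PAT allow-list. $uri is the decoded,
# dot-segment-resolved path. Paths containing ';' are kept off the list
# because nginx and Tomcat do not treat path parameters the same way.
map $uri $pat_path_allowed {
    default             0;
    "~^/rest/[^;]*$"    1;
}

# Deny only the combination "Bearer token present" and "path not allowed".
map "$pat_request:$pat_path_allowed" $pat_denied {
    default  0;
    "1:0"    1;
}

upstream jira_backend {
    server 127.0.0.1:8080;                             # assumed Jira node
}

server {
    listen 443 ssl;
    server_name jira.example.com;                      # placeholder
    ssl_certificate     /etc/nginx/tls/jira.crt;       # placeholder
    ssl_certificate_key /etc/nginx/tls/jira.key;       # placeholder

    location / {
        # Session-cookie and other non-Bearer traffic is unaffected.
        if ($pat_denied) {
            return 403;
        }
        proxy_pass http://jira_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The restriction only holds if the Jira nodes are reachable solely through the proxy; direct access to the application port would skip the check.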

      Administrators may want to consider an API token solution from the Atlassian Marketplace: https://marketplace.atlassian.com/search?hosting=dataCenter&product=jira&query=api%20token

          People

            Unassigned Unassigned
            tmasutti Thiago Masutti