Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-4329

Token-based authentication for RSS

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Won't Fix
    • None
    • None
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      When RSS feeds are generated, there's the opportunity to have "token authentication". In this case, an opaque token is added to the end of the feed URL. People accessing the feed with this token will retrieve it with the same credentials as the person who created the feed.

      Tokens, obviously, must not be transferrable between different feeds, not be predictable, and not be able to have either the original username or password retrieved from them.

            [CONFSERVER-4329] Token-based authentication for RSS

            Johannes Fürtler added a comment -

            Please consider a token based authentication for reading RSS feeds

            Johannes Fürtler added a comment - Please consider a token based authentication for reading RSS feeds

            Adam Barnes (Inactive) added a comment -

            Thank you for your interest in this feature request. We are resolving this request as Won't Fix as we're not planning to implement any time in the foreseeable future.

            Adam Barnes (Inactive) added a comment - Thank you for your interest in this feature request. We are resolving this request as Won't Fix as we're not planning to implement any time in the foreseeable future.

            Karthick Sundararajan added a comment -

            This feature would be a great time saver for organizations. I am trying to build dashboards for different features and some of the tools we have are non-Atlassian products which require authentication. This would be of great use in such cases.

            Karthick Sundararajan added a comment - This feature would be a great time saver for organizations. I am trying to build dashboards for different features and some of the tools we have are non-Atlassian products which require authentication. This would be of great use in such cases.

            Martin Seibert added a comment -

            Any update from Atlassian here?

            Martin Seibert added a comment - Any update from Atlassian here?

            Martin Seibert added a comment -

            I am all for this feature to be implemented.

            Martin Seibert added a comment - I am all for this feature to be implemented.

            Duncan Hill added a comment -

            Pointed here in response to a ticket I raised about JIRA, but hopefully if this feature makes it into Confluence, JIRA gets it as well. We'd love to have RSS feeds from JIRA, but there's no way I'm going to deploy a sysadmin-level password in the clear to read my feed.

            Duncan Hill added a comment - Pointed here in response to a ticket I raised about JIRA, but hopefully if this feature makes it into Confluence, JIRA gets it as well. We'd love to have RSS feeds from JIRA, but there's no way I'm going to deploy a sysadmin-level password in the clear to read my feed.

            AudraA added a comment -

            Closed dupe of CONF-8510.

            Issue described:
            Currently if you run locked-down (login required) server you need to use your username and password to retrieve RSS feeds. When using a 3rd party reader (such as Google Reader) this inevitably means exposing your global username and password.

            Fisheye solves this by generating a hash during a user login which is then stored with the user details. Only URLS containing this hash will authenticate. Deleting this hash from the DB is effectively a global logout. An additional bonus is that you can create hashes on a per-resource basis; you could create a hash for the RSS feed and one to enable an attachment to be accessible externally (e.g. an image) and the compromise of one does not mean the compromise of the other.

            4 votes noted on October 13, 2009.

            AudraA added a comment - Closed dupe of CONF-8510 . Issue described: Currently if you run locked-down (login required) server you need to use your username and password to retrieve RSS feeds. When using a 3rd party reader (such as Google Reader) this inevitably means exposing your global username and password. Fisheye solves this by generating a hash during a user login which is then stored with the user details. Only URLS containing this hash will authenticate. Deleting this hash from the DB is effectively a global logout. An additional bonus is that you can create hashes on a per-resource basis; you could create a hash for the RSS feed and one to enable an attachment to be accessible externally (e.g. an image) and the compromise of one does not mean the compromise of the other. 4 votes noted on October 13, 2009.

            Ray Yin added a comment -

            Don't understand why the RSS Macro cant' access Confluence's authentication libraries to authenticate feeds that are referenced within Confluence itself? Having the place the plain text username and password into a RSS URL is a non-starter for any organization that has even moderate information security guidelines.

            Ray Yin added a comment - Don't understand why the RSS Macro cant' access Confluence's authentication libraries to authenticate feeds that are referenced within Confluence itself? Having the place the plain text username and password into a RSS URL is a non-starter for any organization that has even moderate information security guidelines.

            Danielle Zhu added a comment -

            Clear text password is an obvious hurdle to wiki integration with portal/RSS aggregator in the enterprise. I'd like to see it included in the 3.x road map.

            Danielle Zhu added a comment - Clear text password is an obvious hurdle to wiki integration with portal/RSS aggregator in the enterprise. I'd like to see it included in the 3.x road map.

            Robert Wojciechowski added a comment -

            We also use authentication to our wiki and token based RSS feeds would be wonderful!

            Robert Wojciechowski added a comment - We also use authentication to our wiki and token based RSS feeds would be wonderful!

              Unassigned Unassigned
              cmiller@atlassian.com Charles Miller (Inactive)
              Votes:
              52 Vote for this issue
              Watchers:
              39 Start watching this issue

                Created:
                Updated:
                Resolved: