Details
-
Suggestion
-
Resolution: Obsolete
-
None
Description
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.
Cookie-based authentication is deprecated
Jira Cloud has deprecated cookie-based authentication in favor of basic authentication with API tokens or OAuth. We strongly recommend you use either of these authentication methods in place of cookie-based authentication.
This was only checked for cloud environment yet.
As stated in the documentation for REST API Cookie-based authentication https://developer.atlassian.com/display/jiracloud/JIRA+REST+API+-+Cookie-based+Authentication. You need to send a POST Call for rest/auth/1/session and
It should return the "Name" and "Value" for Tokens, like the response below.
{ "session": { "name":"JSESSIONID", "value":"6E3487971234567896704A9EB4AE501F"
However while testing this in a Cloud Environment Instance. It is not returning the value for token, but only the name. The value is not coming in the response body, but in the header instead. So for other REST methods that not curl it may be hard to retrieve the token value.
curl -H 'Content-Type: application/json' -d "{\"username\": \"sysadmin\", \"password\": \"ZZZSOMEPASSWORDZZ\"}" -X POST https://instance.atlassian.net/rest/auth/1/session {"session":{"name":"studio.crowd.tokenkey"},"loginInfo":{"failedLoginCount":14,"loginCount":17558,"lastFailedLoginTime":"2014-10-02T22:37:25.749-0300","previousLoginTime":"2017-01-31T11:30:06.795-0200"}}
Either documentation should be warned that does not work for cloud, or there should be provided another way to retrieve the value for token in the response body.
Workaround
When calling the session endpoint just store all the cookie information in a file and use that to authenticate. E.g.:
- Store the cookie in a cookie jar:
curl -c cookie.txt -H "Content-Type: application/json" -d '{"username":"XXXXXXXXX", "password":"XXXXXXXXX" }' -X POST https://INSTANCE/rest/auth/1/session OR curl --cookie-jar cookie.txt -H "Content-Type: application/json" -d '{"username":"XXXXXXXXX", "password":"XXXXXXXXX" }' -X POST https://INSTANCE/rest/auth/1/session
- Use that to authenticate the successive REST calls:
curl -b cookie.txt --header "X-Atlassian-Token: no-check" -H "Content-Type: application/json" -X GET https://INSTANCE/rest/........ OR curl --cookie cookie.txt --header "X-Atlassian-Token: no-check" -H "Content-Type: application/json" -X GET https://INSTANCE/rest/........
Attachments
Issue Links
- is related to
-
JRASERVER-63933 API Documentation for Cookie Based authentication needs update
- Closed
- relates to
-
JRACLOUD-62515 The documentation for REST API Cookie authentication is incomplete (for Cloud)
- Closed
- is caused by
-
CRANE-610 Loading...