Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-63933

API Documentation for Cookie Based authentication needs update

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Obsolete
    • Ecosystem
    • None

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

      Status Update

       Cookie-based authentication is deprecated 

      Jira Cloud has deprecated cookie-based authentication in favor of basic authentication with API tokens or OAuth. We strongly recommend you use either of these authentication methods in place of cookie-based authentication.

      See the deprecation notice for more information.

      This was only checked for cloud environment yet.

      As stated in the documentation for REST API Cookie-based authentication https://developer.atlassian.com/display/jiracloud/JIRA+REST+API+-+Cookie-based+Authentication. You need to send a POST Call for rest/auth/1/session and
      It should return the "Name" and "Value" for Tokens, like the response below. 

      {
    "session":
        {
            "name":"JSESSIONID",
            "value":"6E3487971234567896704A9EB4AE501F"

      However while testing this in a Cloud Environment Instance. It is not returning the value for token, but only the name. The value is not coming in the response body, but in the header instead. So for other REST methods that not curl it may be hard to retrieve the token value.

      curl -H 'Content-Type: application/json' -d "{\"username\": \"sysadmin\", \"password\": \"ZZZSOMEPASSWORDZZ\"}" -X POST https://instance.atlassian.net/rest/auth/1/session

{"session":{"name":"studio.crowd.tokenkey"},"loginInfo":{"failedLoginCount":14,"loginCount":17558,"lastFailedLoginTime":"2014-10-02T22:37:25.749-0300","previousLoginTime":"2017-01-31T11:30:06.795-0200"}}

      Either documentation should be warned that does not work for cloud, or there should be provided another way to retrieve the value for token in the response body.

      Workaround

      When calling the session endpoint just store all the cookie information in a file and use that to authenticate. E.g.:

      1. Store the cookie in a cookie jar: 
        curl -c cookie.txt -H "Content-Type: application/json" -d '{"username":"XXXXXXXXX", "password":"XXXXXXXXX" }' -X POST https://INSTANCE/rest/auth/1/session

OR

curl --cookie-jar cookie.txt -H "Content-Type: application/json" -d '{"username":"XXXXXXXXX", "password":"XXXXXXXXX" }' -X POST https://INSTANCE/rest/auth/1/session
      2. Use that to authenticate the successive REST calls: 
        curl -b cookie.txt --header "X-Atlassian-Token: no-check" -H "Content-Type: application/json" -X GET https://INSTANCE/rest/........

OR

curl --cookie cookie.txt --header "X-Atlassian-Token: no-check" -H "Content-Type: application/json" -X GET https://INSTANCE/rest/........

      Attachments

        Issue Links

          is related to

          Suggestion - JRASERVER-63933 API Documentation for Cookie Based authentication needs update

          • Closed
          relates to

          Suggestion - JRACLOUD-62515 The documentation for REST API Cookie authentication is incomplete (for Cloud)

          • Closed
          is caused by

          CRANE-610 Loading...

          Activity

            People

              Unassigned Unassigned
              emasiero Eduardo Masiero
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: