Details
Bug
Resolution: Tracked Elsewhere
Low
None
Severity 3 - Minor
Description
Issue Summary
Referring to the Basic auth for REST APIs documentation, note the deprecation notice:
Using passwords with Jira REST API basic authentication
Support for passwords in REST API basic authentication is deprecated and will be removed in the future. While the Jira REST API currently accepts your Atlassian account password in basic auth requests, we strongly recommend that you use API tokens instead. We expect that support for passwords will be deprecated in the future and advise that all new integrations be created with API tokens.
Following the given example, a Base64-encoded <USER_NAME:API_Token> passed in a basic auth request fails with 401 Unauthorized.
Environment
- Create a base64 encoded username:API_token
- To do this, you can use the command "echo username:API_token | openssl base64 | tr -d '\n' | pbcopy" to create the token and copy it to the clipboard
- Use the Base64 EXE from the article with your encoded token:
Supplying basic auth headers
If you need to, you may construct and send basic auth headers yourself. To do this you need to perform the following steps:
- Generate an API token for Jira using your Atlassian Account: https://id.atlassian.com/manage/api-tokens.
- Build a string of the form useremail:api_token.
- BASE64 encode the string.
- Supply an Authorization header with content Basic followed by the encoded string. For example, the string fred:fred encodes to ZnJlZDpmcmVk in base64, so you would make the request as follows:
curl -D- \
  -X GET \
  -H "Authorization: Basic ZnJlZDpmcmVk" \
  -H "Content-Type: application/json" \
  "https://your-domain.atlassian.net/rest/api/2/issue/QA-31"
Expected Results
Action completes 200 OK
Actual Results
The below exception is thrown:
$ curl -D- -X GET -H "Authorization: Basic <BASE64 encoded username:token here>" -H "Content-Type: application/json" "https://exedomain.atlassian.net/rest/api/2/issue/EXE-123"
HTTP/2 401
server: AtlassianProxy/1.15.8.1
www-authenticate: OAuth realm="https%3A%2F%2Fexedomain.atlassian.net"
content-type: text/html;charset=UTF-8
strict-transport-security: max-age=315360000; includeSubDomains; preload
Notes
The deprecation notice specifically flags the deprecation of passwords in basic auth and says to use an API token instead. Clarification is needed on whether it was intentional for the Base64-encoded option to also include token removal.
Workaround
Do not pass Basic Auth in the header; instead use the direct, unencoded -u username:token format from the Simple example section:
Simple example
Most client software provides a simple mechanism for supplying a user name (in our case, the email address) and password (or API token) that it then uses to build the required authentication headers automatically. For example, you can specify the -u argument with cURL as follows:
curl -D- \
  -u fred@example.com:freds_api_token \
  -X GET \
  -H "Content-Type: application/json" \
  https://your-domain.atlassian.net/rest/api/2/issue/createmeta
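For the "Supplying basic auth headers" steps quoted above (build email:api_token, Base64-encode it, send it as Authorization: Basic), here is an added example that is not part of the ticket or of Atlassian's documentation. It encodes the pair with printf, which emits no trailing newline, and checks an encoded value before it is placed in a header. It assumes a base64 utility that decodes with -d; the function names are illustrative and the sample values are constructed from the documentation's fred:fred pair.

```sh
#!/bin/sh
# Added example: not from the ticket or the Atlassian documentation.
# Assumes a base64(1) that decodes with -d (GNU coreutils, recent macOS).

# Encode "email:token" for an Authorization: Basic header.
# printf '%s' emits no trailing newline; plain `echo` appends one, and that
# newline is then encoded as if it were part of the token.
basic_cred() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Inspect an already-encoded value before sending it.
# Prints a verdict and returns 0 only for a clean "user:secret" pair.
check_basic_cred() {
    if ! printf '%s' "$1" | base64 -d >/dev/null 2>&1; then
        echo "invalid base64"; return 1
    fi
    # Count decoded bytes outside printable ASCII (newline, CR, tab, ...).
    stray=$(printf '%s' "$1" | base64 -d | LC_ALL=C tr -d '[:print:]' | wc -c | tr -d ' ')
    if [ "$stray" -ne 0 ]; then
        echo "decoded credential contains $stray non-printable byte(s)"; return 1
    fi
    decoded=$(printf '%s' "$1" | base64 -d)
    case "$decoded" in
        ?*:?*) echo "ok"; return 0 ;;
        *)     echo "decoded value is not of the form user:secret"; return 1 ;;
    esac
}

# Constructed sample values built from the documentation's fred:fred pair.
good=$(basic_cred fred fred)                          # ZnJlZDpmcmVk
with_newline=$(echo fred:fred | base64 | tr -d '\n')  # ZnJlZDpmcmVkCg==

check_basic_cred "$good"
check_basic_cred "$with_newline" || true
```

The two encodings differ only in the final group (`Cg==` is the encoded newline), so comparing a generated value against the output of `basic_cred` is a quick way to rule this out when a hand-built header returns 401.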