JRACLOUD-72920

API token encoded as Base64 in basic Auth fails with 401


      Issue Summary

      Referring to the Basic auth for REST APIs documentation, taking notice of the deprecation notice:

       Using passwords with Jira REST API basic authentication

      Support for passwords in REST API basic authentication is deprecated and will be removed in the future. While the Jira REST API currently accepts your Atlassian account password in basic auth requests, we strongly recommend that you use API tokens instead. We expect that support for passwords will be deprecated in the future and advise that all new integrations be created with API tokens.

      Following the given example, a Base64-encoded <USER_NAME:API_Token> passed in a basic auth request fails with 401 Unauthorized.

      Environment

      • Jira Cloud

        Steps to Reproduce

      1. Create a Base64-encoded username:API_token
        1. To do this you can use the command "echo username:API_token | openssl base64 | tr -d '\n' | pbcopy" to create the token and copy it to the clipboard
      2. Use the Base64 EXE from the article with your encoded token:

      Supplying basic auth headers

      If you need to, you may construct and send basic auth headers yourself. To do this you need to perform the following steps:

      1. Generate an API token for Jira using your Atlassian Account: https://id.atlassian.com/manage/api-tokens.
      2. Build a string of the form useremail:api_token.
      3. BASE64 encode the string.
      4. Supply an Authorization header with content Basic followed by the encoded string. For example, the string fred:fred encodes to ZnJlZDpmcmVk in base64, so you would make the request as follows:

      curl -D- \
      -X GET \
      -H "Authorization: Basic ZnJlZDpmcmVk" \
      -H "Content-Type: application/json" \
      "https://your-domain.atlassian.net/rest/api/2/issue/QA-31"

      Expected Results

      Action completes 200 OK

      Actual Results

      The below exception is thrown:

      $ curl -D- -X GET -H "Authorization: Basic <BASE64 encoded username:token here>" -H "Content-Type: application/json" "https://exedomain.atlassian.net/rest/api/2/issue/EXE-123"
      HTTP/2 401 
      server: AtlassianProxy/1.15.8.1
      www-authenticate: OAuth realm="https%3A%2F%2Fexedomain.atlassian.net"
      content-type: text/html;charset=UTF-8
      strict-transport-security: max-age=315360000; includeSubDomains; preload
      

      Notes

      The deprecation notice specifically flags deprecation of passwords in basic auth and notes to use an API token instead. Clarification is needed on whether it was intentional for the Base64-encoded option to also include token removal.

      Workaround

      Do not pass Basic auth in the header; instead use the direct -u username:token unencoded format from the simple example section:

      Simple example

      Most client software provides a simple mechanism for supplying a user name (in our case, the email address) and password (or API token) that it then uses to build the required authentication headers automatically. For example, you can specify the -u argument with cURL as follows:
      curl -D- \
      -u fred@example.com:freds_api_token \
      -X GET \
      -H "Content-Type: application/json" \
      https://your-domain.atlassian.net/rest/api/2/issue/createmeta

              skarp Sarah Karp
              emccutcheon Earl McCutcheon (Inactive)
              Votes: 1
              Watchers: 6
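Added example, not part of the original issue or of Atlassian's documentation: a check worth running on any hand-built Basic auth value. The echo in step 1 appends a newline that is encoded as part of the credential, whereas curl -u builds the header from the exact string. The function names are chosen here, the fred:fred credential is the documentation's sample, and base64 -d assumes a GNU-style base64 utility.

```shell
#!/bin/sh
# Constructed sample credential (the documentation's fred:fred), not a real one.
USER_NAME='fred'
API_TOKEN='fred'

# Encode "user:token" exactly. printf '%s' writes only the bytes given.
basic_value() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Same pipeline shape as step 1: echo appends "\n", which is encoded too.
basic_value_echo() {
    echo "$1:$2" | base64 | tr -d '\n'
}

# Succeeds (exit 0) if the decoded credential ends in a newline byte (0x0a).
has_trailing_newline() {
    last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ]
}

# Number of bytes in the decoded credential.
decoded_len() {
    printf '%s' "$1" | base64 -d | wc -c | tr -d ' '
}

clean=$(basic_value "$USER_NAME" "$API_TOKEN")
echoed=$(basic_value_echo "$USER_NAME" "$API_TOKEN")

# Report on both values before either is placed in an Authorization header.
for value in "$clean" "$echoed"; do
    if has_trailing_newline "$value"; then
        echo "$value decodes to $(decoded_len "$value") bytes, ends in a newline"
    else
        echo "$value decodes to $(decoded_len "$value") bytes, no trailing newline"
    fi
done
```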
