Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Unresolved
Component/s: Permissions - REST API authorisation
Labels:

Support reference count:
2
Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Description

Issue Summary

if you call the Jira Cloud REST API endpoints with wrong credentials you get status 200 (OK) with empty response.

Steps to Reproduce

curl -u user:WRONGTOKEN -X GET "https://<your site name>.atlassian.net/rest/api/3/issue/createmeta"

Observe 200 in response instead of 401:

{"expand":"projects","projects":[]}

Expected Results

Response with 401 status code

Actual Results

Response with 200 status code

Workaround

If you expand the headers you can see that the authentication failed:

curl -D- -u user:WRONGTOKEN -X GET "https://<your site name>.atlassian.net/rest/api/3/issue/createmeta"

HTTP/2 200 
date: Thu, 16 Nov 2023 11:11:56 GMT
[..removed..]
x-seraph-loginreason: AUTHENTICATED_FAILED
[...removed...]
atl-traceid: 5ca64d54a9a44c7fb3f7498588389e9a
[...]

{"expand":"projects","projects":[]}

Attachments

Issue Links

is cloned from

JRACLOUD-81851 Misleading error message when authenticating REST API calls with API Key instead of API Token

Closed

supersedes

JRACLOUD-81851 Misleading error message when authenticating REST API calls with API Key instead of API Token

Closed

JRACLOUD-82405 /rest/api/2/user/search REST calls return 200 with no body using wrong API token causing confusions

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Dario B

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 02/Feb/2024 2:10 AM

Updated:: 15/Feb/2024 4:01 AM