API Documentation for Cookie Based authentication needs update

XMLWordPrintable

    • Type: Suggestion
    • Resolution: Invalid
    • None
    • Component/s: REST API
    • None
    • 3

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      This was only checked for cloud environment yet.

      As stated in the documentation for REST API Cookie-based authentication https://developer.atlassian.com/display/jiracloud/JIRA+REST+API+-+Cookie-based+Authentication. You need to send a POST Call for rest/auth/1/session and
      It should return the "Name" and "Value" for Tokens, like the response below. 

      {
    "session":
        {
            "name":"JSESSIONID",
            "value":"6E3487971234567896704A9EB4AE501F"

      However while testing this in a Cloud Environment Instance. It is not returning the value for token, but only the name. The value is not coming in the response body, but in the header instead. So for other REST methods that not curl it may be hard to retrieve the token value.

      curl -H 'Content-Type: application/json' -d "{\"username\": \"sysadmin\", \"password\": \"ZZZSOMEPASSWORDZZ\"}" -X POST https://instance.atlassian.net/rest/auth/1/session

{"session":{"name":"studio.crowd.tokenkey"},"loginInfo":{"failedLoginCount":14,"loginCount":17558,"lastFailedLoginTime":"2014-10-02T22:37:25.749-0300","previousLoginTime":"2017-01-31T11:30:06.795-0200"}}

      Either documentation should be warned that does not work for cloud, or there should be provided another way to retrieve the value for token in the response body.

      Workaround

      When calling the session endpoint just store all the cookie information in a file and use that to authenticate. E.g.:

      1. Store the cookie in a cookie jar: 
        curl -c cookie.txt -H "Content-Type: application/json" -d '{"username":"XXXXXXXXX", "password":"XXXXXXXXX" }' -X POST https://INSTANCE/rest/auth/1/session

OR

curl --cookie-jar cookie.txt -H "Content-Type: application/json" -d '{"username":"XXXXXXXXX", "password":"XXXXXXXXX" }' -X POST https://INSTANCE/rest/auth/1/session
      2. Use that to authenticate the successive REST calls: 
        curl -b cookie.txt --header "X-Atlassian-Token: no-check" -H "Content-Type: application/json" -X GET https://INSTANCE/rest/........

OR

curl --cookie cookie.txt --header "X-Atlassian-Token: no-check" -H "Content-Type: application/json" -X GET https://INSTANCE/rest/........

            Assignee:
            Unassigned
            Reporter:
            Eduardo Masiero
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: