Details
-
Suggestion
-
Resolution: Invalid
-
None
-
None
-
3
-
Description
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
This was only checked for cloud environment yet.
As stated in the documentation for REST API Cookie-based authentication https://developer.atlassian.com/display/jiracloud/JIRA+REST+API+-+Cookie-based+Authentication. You need to send a POST Call for rest/auth/1/session and
It should return the "Name" and "Value" for Tokens, like the response below.
{ "session": { "name":"JSESSIONID", "value":"6E3487971234567896704A9EB4AE501F"
However while testing this in a Cloud Environment Instance. It is not returning the value for token, but only the name. The value is not coming in the response body, but in the header instead. So for other REST methods that not curl it may be hard to retrieve the token value.
curl -H 'Content-Type: application/json' -d "{\"username\": \"sysadmin\", \"password\": \"ZZZSOMEPASSWORDZZ\"}" -X POST https://instance.atlassian.net/rest/auth/1/session {"session":{"name":"studio.crowd.tokenkey"},"loginInfo":{"failedLoginCount":14,"loginCount":17558,"lastFailedLoginTime":"2014-10-02T22:37:25.749-0300","previousLoginTime":"2017-01-31T11:30:06.795-0200"}}
Either documentation should be warned that does not work for cloud, or there should be provided another way to retrieve the value for token in the response body.
Workaround
When calling the session endpoint just store all the cookie information in a file and use that to authenticate. E.g.:
- Store the cookie in a cookie jar:
curl -c cookie.txt -H "Content-Type: application/json" -d '{"username":"XXXXXXXXX", "password":"XXXXXXXXX" }' -X POST https://INSTANCE/rest/auth/1/session OR curl --cookie-jar cookie.txt -H "Content-Type: application/json" -d '{"username":"XXXXXXXXX", "password":"XXXXXXXXX" }' -X POST https://INSTANCE/rest/auth/1/session
- Use that to authenticate the successive REST calls:
curl -b cookie.txt --header "X-Atlassian-Token: no-check" -H "Content-Type: application/json" -X GET https://INSTANCE/rest/........ OR curl --cookie cookie.txt --header "X-Atlassian-Token: no-check" -H "Content-Type: application/json" -X GET https://INSTANCE/rest/........
Attachments
Issue Links
- relates to
-
JRACLOUD-63933 API Documentation for Cookie Based authentication needs update
- Closed
-
JRASERVER-44654 Document REST API Cookie based authentication
- Closed
-
JRASERVER-62515 The documentation for REST API Cookie authentication is incomplete (for Cloud)
- Gathering Interest