Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-63933

API Documentation for Cookie Based authentication needs update

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Invalid
    • None
    • REST API
    • None
    • 3
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      This was only checked for cloud environment yet.

      As stated in the documentation for REST API Cookie-based authentication https://developer.atlassian.com/display/jiracloud/JIRA+REST+API+-+Cookie-based+Authentication. You need to send a POST Call for rest/auth/1/session and
      It should return the "Name" and "Value" for Tokens, like the response below.

      {
          "session":
              {
                  "name":"JSESSIONID",
                  "value":"6E3487971234567896704A9EB4AE501F"
      

      However while testing this in a Cloud Environment Instance. It is not returning the value for token, but only the name. The value is not coming in the response body, but in the header instead. So for other REST methods that not curl it may be hard to retrieve the token value.

      curl -H 'Content-Type: application/json' -d "{\"username\": \"sysadmin\", \"password\": \"ZZZSOMEPASSWORDZZ\"}" -X POST https://instance.atlassian.net/rest/auth/1/session
      
      {"session":{"name":"studio.crowd.tokenkey"},"loginInfo":{"failedLoginCount":14,"loginCount":17558,"lastFailedLoginTime":"2014-10-02T22:37:25.749-0300","previousLoginTime":"2017-01-31T11:30:06.795-0200"}}
      

      Either documentation should be warned that does not work for cloud, or there should be provided another way to retrieve the value for token in the response body.

      Workaround

      When calling the session endpoint just store all the cookie information in a file and use that to authenticate. E.g.:

      1. Store the cookie in a cookie jar:
        curl -c cookie.txt -H "Content-Type: application/json" -d '{"username":"XXXXXXXXX", "password":"XXXXXXXXX" }' -X POST https://INSTANCE/rest/auth/1/session
        
        OR
        
        curl --cookie-jar cookie.txt -H "Content-Type: application/json" -d '{"username":"XXXXXXXXX", "password":"XXXXXXXXX" }' -X POST https://INSTANCE/rest/auth/1/session 
        
      2. Use that to authenticate the successive REST calls:
        curl -b cookie.txt --header "X-Atlassian-Token: no-check" -H "Content-Type: application/json" -X GET https://INSTANCE/rest/........
        
        OR
        
        curl --cookie cookie.txt --header "X-Atlassian-Token: no-check" -H "Content-Type: application/json" -X GET https://INSTANCE/rest/........ 
        

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              emasiero Eduardo Masiero
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: