- Bug
- Resolution: Fixed
- Low
- 8.14.0, 8.15.0, 8.22.3
- None
- 8.14
- 8
- Severity 3 - Minor
- 7
Problem
Calling POST on the endpoint /rest/api/2/user using a personal access token (released in Jira 8.14) returns status code 401:
{"message":"This resource requires WebSudo.","status-code":401}
Environment
Tested on
- Jira 8.14 & Jira 8.15
- Server & Data Center
Steps to Reproduce
- Create a personal access token: https://confluence.atlassian.com/enterprise/using-personal-access-tokens-1026032365.html
- Call the REST API endpoint POST /rest/api/2/user, for example:
curl -X POST 'http://localhost:48150/j8150/rest/api/2/user' \
  -H 'Authorization: Bearer NzMwMjk2NjQ2NDU1OkULPrfTFnm2rlkW+8yk+l0yXAqY' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'X-Atlassian-Token: no-check' \
  -d '{"name": "test", "displayName": "Test User", "emailAddress": "test@test.foo", "applicationKeys": ["jira-software"]}'
Expected Results
The user should be created, for example:
{"self":"http://localhost:48150/j8150/rest/api/2/user?username=test222","key":"JIRAUSER10200","name":"test222","emailAddress":"test222@test.foo","avatarUrls":{"48x48":"https://www.gravatar.com/avatar/9fa50e1d623910382d5af1f9db0ff898?d=mm&s=48","24x24":"https://www.gravatar.com/avatar/9fa50e1d623910382d5af1f9db0ff898?d=mm&s=24","16x16":"https://www.gravatar.com/avatar/9fa50e1d623910382d5af1f9db0ff898?d=mm&s=16","32x32":"https://www.gravatar.com/avatar/9fa50e1d623910382d5af1f9db0ff898?d=mm&s=32"},"displayName":"Test User222","active":true,"deleted":false,"timeZone":"Europe/Amsterdam","locale":"en_NL","groups":{"size":1,"items":[]},"applicationRoles":{"size":1,"items":[]},"expand":"groups,applicationRoles"}
Actual Results
The user is not created and this status code is returned:
{"message":"This resource requires WebSudo.","status-code":401}
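Automation that calls this endpoint with a personal access token can tell the WebSudo rejection apart from a bad or expired token by inspecting the 401 body, so the failure is not misread as a credential problem. The Python code below is an added example, not part of the original report or Atlassian's code; the function names, the injectable `opener`, and the treatment of any 2xx response carrying `key` and `name` as success are assumptions.

```python
import json
import urllib.error
import urllib.request

def build_create_user_request(base_url, token, user):
    """Build the POST /rest/api/2/user request from the reproduction steps."""
    return urllib.request.Request(
        base_url.rstrip("/") + "/rest/api/2/user",
        data=json.dumps(user).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": "Bearer " + token,  # load the token from a secret store, not source
            "Content-Type": "application/json",
            "Accept": "application/json",
            "X-Atlassian-Token": "no-check",
        },
    )

def classify_response(status, body):
    """Map a response to 'created', 'websudo_required', 'unauthorized' or 'other'."""
    try:
        payload = json.loads(body)
    except ValueError:
        payload = None  # HTML error pages and empty bodies are not JSON
    if not isinstance(payload, dict):
        payload = {}
    if status == 401:
        # The body on this page names WebSudo; any other 401 is treated as a
        # credential problem (assumption: no other 401 body mentions WebSudo).
        if "websudo" in str(payload.get("message", "")).lower():
            return "websudo_required"
        return "unauthorized"
    if 200 <= status < 300 and "key" in payload and "name" in payload:
        return "created"
    return "other"

def create_user(base_url, token, user, opener=urllib.request.urlopen):
    """Send the request; `opener` is injectable so the logic can run offline."""
    request = build_create_user_request(base_url, token, user)
    try:
        with opener(request) as response:
            return classify_response(response.status, response.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify_response(err.code, err.read().decode("utf-8", "replace"))
```

A `websudo_required` result means the token was accepted but the resource is gated by secure administrator sessions, so rotating the token will not help.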
Workaround
Workaround 1
Use basic authentication
Workaround 2
Disable WebSudo (secure administrator sessions) following the steps here: