As a Jira administrator I would like to configure which paths are allowed to be accessed with personal access tokens

    • Type: Suggestion
    • Resolution: Unresolved
    • Component/s: Personal Access Tokens

      Problem Definition

      Personal Access Tokens (PATs) have been available in Jira since version 8.14.0.
      As part of the implementation from JRASERVER-72019, authentication with a PAT is allowed on any endpoint and is not restricted to /rest.

      Suggested Solution

      As a Jira administrator, it would be great to have a way to configure and limit PAT authentication to selected endpoints.
      It could be either an option in the UI or a system property that accepts a list of endpoints and/or regular expressions.

      Workaround

      Use the load balancer or the reverse proxy to limit access to specific endpoints when the Authorization: Bearer request header is used.
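
      One way to implement this workaround with nginx as the reverse proxy (an added example, not part of the original issue and not an Atlassian-provided configuration). It assumes Jira is served at the root context path and that only /rest/ should accept PATs; the hostname, certificate paths and upstream address are placeholders.

```nginx
# Added example. Belongs inside the http {} context.
# Assumptions: Jira at the root context path, upstream on 127.0.0.1:8080;
# jira.example.com and the certificate paths are placeholders.

# 1 when the request carries a bearer token (the scheme is case-insensitive).
map $http_authorization $has_bearer {
    default         0;
    "~*^bearer\s"   1;
}

# 1 when the normalized path may be used with a PAT. Regexes are tried
# in order, so the ';' rule wins: Tomcat strips path parameters, which
# could make the backend resolve a different path than nginx matched.
map $uri $pat_path_ok {
    default     0;
    "~;"        0;
    ~^/rest/    1;
}

# Deny only the combination "bearer token present, path not allowed".
map "$has_bearer:$pat_path_ok" $deny_pat {
    default 0;
    "1:0"   1;
}

server {
    listen 443 ssl;
    server_name jira.example.com;
    ssl_certificate     /etc/nginx/tls/jira.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/jira.example.com.key;

    location / {
        # Requests without a bearer token (session cookies etc.) are unaffected.
        if ($deny_pat) {
            return 403;
        }
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

      Validate the configuration with nginx -t before reloading, and extend the allow-list in the $pat_path_ok map if other endpoints must accept PATs.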

      Administrators may want to consider an API token solution from the Atlassian Marketplace: https://marketplace.atlassian.com/search?hosting=dataCenter&product=jira&query=api%20token

            Assignee: Unassigned
            Reporter: Thiago Masutti (Inactive)
            Votes: 2
            Watchers: 4
