As a Jira administrator I would like to configure which paths are allowed to be accessed with personal access tokens


    • Type: Suggestion
    • Resolution: Unresolved
    • Component/s: Personal Access Tokens

      Problem Definition

      Personal Access Tokens (PATs) have been available in Jira since version 8.14.0.
      As part of the implementation from JRASERVER-72019, authentication with a PAT is allowed on any endpoint and is not restricted to /rest.

      Suggested Solution

      As a Jira administrator, it would be great to have a way to configure and limit PAT authentication to selected endpoints.
      It could be either an option on the UI or a system property that allows adding a list of endpoints and/or regex.

      Workaround

      Use the load balancer or the reverse proxy to limit access to specific endpoints when the Authorization: Bearer request header is used.

      Administrators may want to consider an API token solution from the Atlassian Marketplace: https://marketplace.atlassian.com/search?hosting=dataCenter&product=jira&query=api%20token
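
One way to apply the reverse-proxy workaround above, shown as an added nginx example that is not part of the original issue or of Atlassian's documentation. The hostname, upstream address, certificate paths, the root context path and the choice of /rest/ as the only path where tokens are accepted are assumptions.

```nginx
# Added example. These directives belong in the http {} context.

# 1 when the request carries a bearer token (the scheme name is case-insensitive).
map $http_authorization $pat_bearer {
    default        0;
    "~*^bearer\s"  1;
}

# 1 when the normalized path is one where token authentication is permitted.
# Assumption: Jira runs at the root context and only /rest/ should accept PATs.
# Regexes are tested in order, so a path containing ';' is never treated as
# allowed: the proxy and the application server may parse path parameters
# differently.
map $uri $pat_path_allowed {
    default     0;
    "~;"        0;
    "~^/rest/"  1;
}

# "10" = bearer token present on a path that is not on the allow list.
map "$pat_bearer$pat_path_allowed" $pat_deny {
    default  0;
    "10"     1;
}

upstream jira_backend {
    server 127.0.0.1:8080;                          # assumed Jira node
}

server {
    listen 443 ssl;
    server_name jira.example.com;                   # placeholder
    ssl_certificate     /etc/nginx/tls/jira.crt;    # placeholder
    ssl_certificate_key /etc/nginx/tls/jira.key;    # placeholder

    location / {
        # Reject token-authenticated requests outside the allow list;
        # session-authenticated browser traffic is unaffected.
        if ($pat_deny) {
            return 403;
        }
        proxy_pass http://jira_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The rule only takes effect if the Jira nodes are not reachable around the proxy, so their HTTP connector should accept connections from the proxy alone.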

              Assignee: Unassigned
              Reporter: Thiago Masutti (Inactive)
              Votes: 2
              Watchers: 4
