Jira Data Center / JRASERVER-79114

Provide an option to disable only passwords for rest api calls with basic auth


    • Type: Suggestion
    • Resolution: Unresolved
    • REST API

      Issue Summary

      Using username:password to make calls to Jira is not as secure as using tokens. To support legacy applications, we need a way to allow basic authentication that carries a token instead of a password in the Authorization header, as in the example below.

      Authorization: Basic dXNlckBleGFtcGxlLmNvbTpzZWNyZXQ= 

      As of now, disabling basic authentication breaks legacy authentication that uses the above method.

      Expected Results

      Please provide an option to disable the username:password combination for REST calls while allowing basic authentication with tokens.

      This function is available with a plugin "Api Token Authentication" 
      https://wiki.resolution.de/doc/api-token-authentication/2.7.x/user-guide/using-tokens-examples

      Actual Results

      While passing a token in the Authorization header as shown above works fine, there is no option to disable or block REST calls that use a username:password combination.

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available.
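
The check requested above, sketched as an added example (not Atlassian's code, not the plugin's, and not an existing Jira option): a filter in front of the REST API accepts a Basic credential only when its secret part matches an issued API token. The token store `ISSUED`, the sample token and all function names are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac

def parse_basic(value):
    """Split an Authorization header value 'Basic <b64>' into (user, secret), or None."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.lower() != "basic" or not blob.strip():
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, secret = decoded.partition(":")  # RFC 7617: only the first colon separates
    return (user, secret) if sep and user else None

def token_digest(token):
    # The hypothetical store keeps SHA-256 digests, never the tokens themselves.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def allow_basic(value, issued):
    """Return (allowed, reason) for a Basic header value.

    issued maps user -> set of token digests (hypothetical token store)."""
    parsed = parse_basic(value)
    if parsed is None:
        return False, "malformed"
    user, secret = parsed
    digest = token_digest(secret)
    matched = False
    for known in issued.get(user, ()):
        # Check every stored digest with a constant-time comparison.
        matched |= hmac.compare_digest(digest, known)
    return (True, "token") if matched else (False, "not-a-token")

def basic_header(user, secret):
    raw = f"{user}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

# Header value from the issue text; it decodes to user@example.com:secret.
PAGE_HEADER = "Basic dXNlckBleGFtcGxlLmNvbTpzZWNyZXQ="
# Constructed sample token and store, for illustration only.
SAMPLE_TOKEN = "CONSTRUCTED-SAMPLE-TOKEN-0001"
ISSUED = {"user@example.com": {token_digest(SAMPLE_TOKEN)}}

if __name__ == "__main__":
    print(allow_basic(PAGE_HEADER, ISSUED))
    print(allow_basic(basic_header("user@example.com", SAMPLE_TOKEN), ISSUED))
```

The password-style credential is refused and the token-bearing one passes, while the legacy client keeps sending the same Basic header format.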

              Assignee: Unassigned
              Reporter: Deepak Sidhpura (dsidhpura@atlassian.com)
              Votes: 11
              Watchers: 5
