We have created a Jira REST module and also implemented OAuth in Servlet-Filter. We have added servlets for -
Now we are able to validate the oauth_token sent in a REST service URL (after successful authentication), but if we remove the annotation @AnonymousAllowed from the REST module, then Jira is again calling the /requesttoken servlet and asking for authentication.
I would like to know how we can authenticate the REST module using OAuth without the @AnonymousAllowed annotation.
If you remove that @AnonymousAllowed and suddenly your plugin stops working, this indicates to me that your REST calls made by that plugin are actually not being made in an authenticated session (nor are they passing a username/password).
Please see the guide in https://developer.atlassian.com/server/framework/atlassian-sdk/developing-a-rest-service-plugin/
It explains the behavior of that @AnonymousAllowed method and how when removed you need an authenticated session to call those methods.
In turn, since you're using OAuth you will need to walk through the guide in https://developer.atlassian.com/server/jira/platform/oauth/
It explains how you will need to create an application link in Jira, generate the keypair, and do the OAuth dance in order to make sure that your REST calls are being made in an authenticated session. There is also a related thread to this in https://community.atlassian.com/t5/Jira-questions/Rest-Plugin-for-Jira-authentication/qaq-p/730776 where @Alexey Matveev helped explain this same info.
I hope this helps.
Andy
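What a signed call looks like once the OAuth dance has produced an access token, as an added example that is not part of the original answer and not Atlassian's code. It assumes OAuth 1.0a with the RSA-SHA1 signature method and the private key whose public half is registered on the application link; the host, REST path, consumer key and token are constructed placeholders.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import java.util.stream.Collectors;

public class JiraOAuthHeader {
    // RFC 3986 percent-encoding, as RFC 5849 section 3.6 requires.
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8)
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // Base string: METHOD & encoded URL (no query) & encoded, sorted parameters.
    // Any query parameters of the request must be added to params as well.
    static String baseString(String method, String url, Map<String, String> params) {
        String normalized = new TreeMap<>(params).entrySet().stream()
                .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
        return method.toUpperCase() + "&" + enc(url) + "&" + enc(normalized);
    }

    static String authorizationHeader(String method, String url, String consumerKey,
            String accessToken, PrivateKey key) throws GeneralSecurityException {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("oauth_consumer_key", consumerKey);
        p.put("oauth_token", accessToken);
        p.put("oauth_signature_method", "RSA-SHA1");
        p.put("oauth_timestamp", Long.toString(System.currentTimeMillis() / 1000));
        p.put("oauth_nonce", UUID.randomUUID().toString()); // fresh per request
        p.put("oauth_version", "1.0");
        Signature sig = Signature.getInstance("SHA1withRSA");
        sig.initSign(key);
        sig.update(baseString(method, url, p).getBytes(StandardCharsets.UTF_8));
        p.put("oauth_signature", Base64.getEncoder().encodeToString(sig.sign()));
        return "OAuth " + p.entrySet().stream()
                .map(e -> enc(e.getKey()) + "=\"" + enc(e.getValue()) + "\"")
                .collect(Collectors.joining(", "));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; a throwaway key stands in for the registered one.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        String header = authorizationHeader("GET",
                "https://jira.example.com/rest/myplugin/1.0/message",
                "example-consumer", "example-access-token", g.generateKeyPair().getPrivate());
        System.out.println("Authorization: " + header);
    }
}
```

A request carrying this header is checked against the application link's public key, so the resource method sees an authenticated user and does not need @AnonymousAllowed.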