Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

I am not able to authenticate /rest/auth/1/session using Personal Access Token.

jeevitha
Jeevitha February 9, 2025 edited

Hi Team,

 

I am not able to authenticate /rest/auth/1/session using Personal Access Token after upgrading JIRA Datacenter to 10.3.2.

Here's the snippet which I have tried ,

curl --location --request POST 'https://jira-dev.cox.com/rest/auth/1/session?Content-Type=application%2Fjson&accept=application%2Fjson' \ --header 'Authorization: Bearer MjAzOTY1MjM4NDUyOtDq3Y/qCrXPiI/A6dSpjrmdbQsE' \ --header 'Cookie: NSC_kjsb-efw.dpy*443=ffffffff0948294545525d5f4f58455e445a4a42378b' \ --data ''

 

And I am getting following 403- forbidden error :

 

{
    "message": "The request was rejected due to two-step verification being enabled on your instance."
}

 

I have already followed the steps outlined in the link https://jira.atlassian.com/browse/JRASERVER-78353.

According to the workaround mentioned in the ticket, I am attempting to use a Personal Access Token mentioned above to authenticate the API endpoint, but it’s not working.

 

 

Also, we dont want to revert back to legacy login form (pre-10.2 behaviour) by adding the  JVM parameter due to security concerns.

Answer
Watch
Like Yolinda Burns likes this
446 views

3 answers

1 accepted

0 votes
Answer accepted
David Bakkers
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 10, 2025 edited

Hello @jeevitha 

  1. Go to Google.com
  2. Type in "Jira data center rest api The request was rejected due to two-step verification being enabled on your instance"
  3. Click on the 'Google search' button.
  4. From the search results, click on the first result
  5. That is the existing Bug report that was logged for that problem a month ago. It also contains a description of the solution that has already been provided for that problem.

Google is fantastic. You should try it!

View More Comments
jeevitha
Jeevitha February 10, 2025

Hi @David Bakkers ,

Thank you for the suggestion.

I have already followed the steps outlined and checked the link https://jira.atlassian.com/browse/JRASERVER-78353.

According to the workaround mentioned in the ticket, I am attempting to use a Personal Access Token mentioned above to authenticate the API endpoint, but it’s not working.

Could you please assist me with this?

Also, we dont want to revert back to legacy login form (pre-10.2 behaviour) by adding the  JVM parameter due to security concerns.

Like
David Bakkers
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 10, 2025 edited

"I am attempting to use a Personal Access Token

No you're not. You're using a SESSION COOKIE to access the SESSION COOKIE auth endpoint.

I can see it, right there, in your cURL request:

  1. https://jira-dev.cox.com/rest/auth/1/SESSION?
  2. --header 'COOKIE: <blah>'

Also, we don't want to revert back to legacy login form (pre-10.2 behaviour) by adding the JVM parameter due to security concerns.

Well, then you can't have the solution to your particular problem.

This is the same issue as described in this thread a few days ago. Jira 10.2 increased security for Session Cookies. If you want to persist with using them for accessing the REST API, then you must revert to the legacy, non two-step authentication for browser sessions.

I recommend that you liaise with your organization's IT department who can explain it to you in more detail, and also show you how to correctly use Basic Auth with PATs.

Like • Jeevitha likes this
Reply
0 votes
jeevitha
Jeevitha February 11, 2025

So the JVM parameter is required to use a cookie based APIs, even if you request the cookie session using PAT.

Reply
0 votes
Vishal Biyani
Vishal Biyani
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 10, 2025

@David Bakkers 

are you referring to this link https://jira.atlassian.com/browse/JRASERVER-78353?

View More Comments
David Bakkers
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 10, 2025

Is that a link to the first result returned from the Google search?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
atlassian, atlassian community, loom ai, atlassian loom ai, loom, atlassian ai, record recaps of meetings, meeting recaps, loom recaps, share meeting recaps,

Loom’s guide to great meetings đŸ“¹

Join us to learn how your team can stay fully engaged in meetings without worrying about writing everything down. Dive into Loom's newest feature, Loom AI for meetings, which automatically takes notes and tracks action items.

Register today!
AUG Leaders

Atlassian Community Events

Community
Forums
FAQs Forums guidelines
Learning
About learning Resources
Events
Champions
Copyright © 2025 Atlassian
Privacy Policy Terms Security
Welcome illustration

Welcome to the new Atlassian Community

Online forums and learning are now in one easy-to-use experience.

By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.