
Authentication works, but can't access projects with the REST API using cURL in PHP

Corey Maass December 15, 2016

I have a simple HTML form:

<form action="" method="post">
<p>
<label>username
<input type="text" name="username" value="<?php echo htmlspecialchars($_POST['username'] ?? '', ENT_QUOTES, 'UTF-8') ?>">
</label>
</p>
<p>
<label>Password
<input type="password" name="password" value="<?php echo htmlspecialchars($_POST['password'] ?? '', ENT_QUOTES, 'UTF-8') ?>">
</label>
</p>
<p>
<button type="submit">Sign in</button>
</p>
</form>

Catching the post back, I'm able to authenticate and get a JSESSIONID, but then querying for projects returns the error:

You are not authenticated. Authentication required to perform this operation.

<?php
if ( $_SERVER['REQUEST_METHOD'] != 'POST' ) exit();


$data = array(
	"username" => $_POST['username'], 
	"password" => $_POST['password']
);

$data_string = json_encode($data);


$ch = curl_init('https://mequoda.atlassian.net/rest/auth/1/session');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
	'Content-Type: application/json',
	'Content-Length: ' . strlen($data_string))
);


$result_str = curl_exec($ch);
curl_close($ch);


$result = json_decode($result_str);


// Stop on a login error (isset() avoids a notice when errorMessages is absent)
if ( isset($result->errorMessages[0]) ) exit($result->errorMessages[0]);

$jsessionid = $result->session->value;
echo 'JSESSIONID=' . $jsessionid . "\n<br />"; // <-- THIS WORKS

// Now try to GET projects
$ch = curl_init('https://mequoda.atlassian.net/rest/api/2/project');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
	'Content-Type: application/json',
	'cookie: JSESSIONID='.$jsessionid
)); 


$result_str = curl_exec($ch);
curl_close($ch);


$result = json_decode($result_str);


if(isset($result->errorMessages[0])) {
	exit($result->errorMessages[0]); // <-- ALWAYS RETURNS ERROR: You are not authenticated. Authentication required to perform this operation.
}
else {
	exit($result_str); // exit() takes a string, so print the raw JSON response
}


2 answers


0 votes
mlassau_atlassian
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 18, 2016

Depending on if you are using Cloud or Server version of JIRA, and how the admins have configured it, the JSESSIONID cookie may not be sufficient to identify your user session. (Or may not even be used at all, or may be renamed to some other name to avoid name clashes).

You ought to honour ALL the cookies in the previous response - any of these may be what is used for session management and the cookie or cookies used can change over time (especially on JIRA Cloud).
See for example the JIRA REST docs:

https://docs.atlassian.com/jira/REST/cloud/#auth/1/session-login

Note that the response contains the Set-Cookie HTTP headers that must be honoured by the caller. If you are using a cookie-aware HTTP client then it will handle all Set-Cookie headers automatically. This is important because setting the JSESSIONID cookie alone may not be sufficient for the authentication to work.
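
What this answer describes, as an added example (not code from the thread or from Atlassian): cURL's cookie engine stores and replays every Set-Cookie header from the login response, so no cookie name has to be copied by hand. The site URL is a placeholder, and the JIRA_USER / JIRA_PASS environment variable names and the jira_request() helper are assumptions made for the example.

```php
<?php
// Added example. Placeholder site URL; JIRA_USER / JIRA_PASS and jira_request() are hypothetical names.
$baseUrl = 'https://your-site.atlassian.net';

// Send one request on a shared cURL handle; returns [HTTP status, decoded JSON body].
function jira_request($ch, string $url, ?array $jsonBody = null): array
{
    curl_setopt_array($ch, [
        CURLOPT_URL            => $url,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => ['Content-Type: application/json', 'Accept: application/json'],
    ]);
    if ($jsonBody !== null) {
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($jsonBody));
    } else {
        curl_setopt($ch, CURLOPT_HTTPGET, true); // switch the reused handle back to GET
    }
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('cURL error: ' . curl_error($ch));
    }
    return [curl_getinfo($ch, CURLINFO_HTTP_CODE), json_decode($body)];
}

$ch = curl_init();
// An empty file name turns on the cookie engine in memory only: every Set-Cookie
// header is stored and replayed on this handle, and nothing is written to disk.
curl_setopt($ch, CURLOPT_COOKIEFILE, '');

[$status, $login] = jira_request($ch, $baseUrl . '/rest/auth/1/session', [
    'username' => getenv('JIRA_USER'),
    'password' => getenv('JIRA_PASS'),
]);
if ($status !== 200) exit("Login failed with HTTP $status\n");

// Same handle, so all session cookies from the login go out with this request.
[$status, $projects] = jira_request($ch, $baseUrl . '/rest/api/2/project');
curl_close($ch);
if ($status !== 200 || !is_array($projects)) {
    exit("Project query failed with HTTP $status\n");
}
// As seen in the thread, an unauthenticated call can still answer with an empty list.
if ($projects === []) {
    exit("No projects returned: the request may not have been authenticated.\n");
}
foreach ($projects as $project) {
    echo $project->key, "\t", $project->name, "\n";
}
```

Keeping the session across separate PHP processes would need CURLOPT_COOKIEJAR pointing at a file readable only by the owning user, because that file holds live session tokens.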

 

0 votes
Volodymyr Krupach
Rising Star
December 15, 2016

You are referring to $cookiestr, which is not defined. You need to use $jsessionid instead:

curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/json',
    'cookie: JSESSIONID='.$jsessionid
));
Corey Maass December 16, 2016

Thanks. That was a typo in my example. Updated. It now returns an empty array, instead of my projects.

Volodymyr Krupach
Rising Star
December 17, 2016

I too get the empty array by putting https://mequoda.atlassian.net/rest/api/2/project into my browser :). Looks like your request is not authenticated.

As a self-test, please try to log in under the same user through the JIRA UI, open a new tab in the same browser and paste the project REST URL.

Corey Maass December 17, 2016

Good idea. When I do that, I see a JSON dump with lots of projects. So the jsessionid doesn't seem to be working. Any suggestions? Thanks!

Volodymyr Krupach
Rising Star
December 17, 2016

I do not see any flaws in the code. Probably because I am not a PHP developer :). Anyway, somehow the JSESSION cookie is not passed right. Please check the doc in case you have not seen it before: https://developer.atlassian.com/jiradev/jira-apis/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-cookie-based-authentication. Also, you may try basic authentication: https://developer.atlassian.com/jiradev/jira-apis/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-basic-authentication

mlassau_atlassian
Rising Star
December 18, 2016

 Please check the doc in case you have not seen it before: https://developer.atlassian.com/jiradev/jira-apis/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-cookie-based-authentication.

Unfortunately those docs hint that JSESSIONID is enough ... that used to work most of the time - unless you did SSO or other advanced configuration.
In JIRA Cloud we are changing the user session management and need to update those docs: 

https://jira.atlassian.com/browse/JRA-62515

 

Corey Maass December 19, 2016

Great! Glad it wasn't my mistake. I got it to work following the new documentation. Thanks!
