I have a simple HTML form:
<form action="" method="post"> <p> <label>username <input type="text" name="username" value="<?php echo $_POST['username'] ?>"> </label> </p> <p> <label>Password <input type="password" name="password" value="<?php echo $_POST['password'] ?>"> </label> </p> <p> <button type="submit">Sign in</button> </p> </form>
Catching the post back, I'm able to authenticate and get a JSESSIONID, but then querying for projects returns the error:
You are not authenticated. Authentication required to perform this operation.
<?php if ( $_SERVER['REQUEST_METHOD'] != 'POST' ) exit(); $data = array( "username" => $_POST['username'], "password" => $_POST['password'] ); $data_string = json_encode($data); $ch = curl_init('https://mequoda.atlassian.net/rest/auth/1/session'); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Content-Type: application/json', 'Content-Length: ' . strlen($data_string)) ); $result_str = curl_exec($ch); curl_close($ch); $result = json_decode($result_str); if ( is_array($result->errorMessages) ) exit($result->errorMessages[0]); $jsessionid = $result->session->value; echo 'JSESSIONID=' . $jsessionid . "\n<br />"; // <-- THIS WORKS // Now try to GET projects $ch = curl_init('https://mequoda.atlassian.net/rest/api/2/project'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Content-Type: application/json', 'cookie: JSESSIONID='.$jsessionid )); $result_str = curl_exec($ch); curl_close($ch); $result = json_decode($result_str); if(isset($result->errorMessages[0])) { exit($result->errorMessages[0]); // <-- ALWAYS RETURNS ERROR: You are not authenticated. Authentication required to perform this operation. } else { exit($result); }
Community moderators have prevented the ability to post new answers.
Depending on if you are using Cloud or Server version of JIRA, and how the admins have configured it, the JSESSIONID cookie may not be sufficient to identify your user session. (Or may not even be used at all, or may be renamed to some other name to avoid name clashes).
You ought to honour ALL the cookies in the previous response - any of these may be what is used for session management and the cookie or cookies used can change over time (especially on JIRA Cloud).
See for example the JIRA REST docs:
https://docs.atlassian.com/jira/REST/cloud/#auth/1/session-login
Note that the response contains the
Set-Cookie
HTTP headers that must be honoured by the caller. If you are using a cookie-aware HTTP client then it will handle allSet-Cookie
headers automatically. This is important because setting theJSESSIONID
cookie alone may not be sufficient for the authentication to work.
You are referring $cookiestr which is not defined. You need to use $jsessionid instead:
curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Content-Type: application/json', 'cookie: JSESSIONID='.$jsessionid ));
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks. That was a typo in my example. Updated. It now returns an empty array, instead of my projects.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I too get the empty array by putting https://mequoda.atlassian.net/rest/api/2/project into my browser . Looks like your request is not authenticated.
As self test please try to loging under the same user through the JIRA UI, open a new tab in the same browser and paste the project REST URL.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Good idea. When I do that, I see a JSON dump with lots of projects. So the jsessionid doesn't seem to be working. Any suggestions? Thanks!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I do not see any flaws in the code. Probably because I am not PHP developer . Anyway somehow the JSESSION cookies is not passed right. Please check the doc in case you have not seen it before: https://developer.atlassian.com/jiradev/jira-apis/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-cookie-based-authentication. Also you may try basic authentication: https://developer.atlassian.com/jiradev/jira-apis/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-basic-authentication
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Please check the doc in case you have not seen it before: https://developer.atlassian.com/jiradev/jira-apis/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-cookie-based-authentication.
Unfortunately those docs hint that JSESSIONID is enough ... that used to work most of the time - unless you did SSO or other advanced configuration.
In JIRA Cloud we are changing the user session management and need to update those docs:
https://jira.atlassian.com/browse/JRA-62515
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Great! Glad it wasn't my mistake. I got it to work following the new documentation. Thanks!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.