How do you impersonate a user with JIRA oauth?

I have successfully gotten the JIRA Oauth rest demo working, and I can query issues, and have also created a remote link by adding the changes in this answer
https://answers.atlassian.com/questions/51273/modifying-the-rest-oauth-example-to-include-a-json-body-in-the-request">https://answers.atlassian.com/questions/51273/modifying-the-rest-oauth-example-to-include-a-json-body-in-the-request

The problem I am having is I cannot find anywhere in the documentation or tutorial how to specify the user for 2-legged oauth authentication.

Is anyone able to point me in the right direction for specifying the user when making updates?

Thanks

4 answers

I've now been able to get this working using the Jira Java Rest Client, if you're using another client it should be easy enough to apply the same solution. Here's a link to my solution: https://answers.atlassian.com/questions/263719/using-oauth-and-the-jira-java-rest-client?page=1#288617

What you need to do is:

  1. Create a public and private key pair
  2. Setup the trusted application using the Jira gui, enabling the 2 legged oauth option
  3. Send requests as you normally would (foret about request tokens and access and access tokens, and include the following paramaters in the query string of your request
    1. oauth_consumer_key - the name of your consumer as set in the trusted application setup through the Jira gui
    2. oauth_token - an empty string
    3. oauth_signature_method - should be RSA-SHA1 as this is all Jira supports
    4. oauth_signature - the signature for your request, you'll have to generate this using your private key. If using Java, I recommend the net.oauth classes, same as in the Jira Oauth example (https://developer.atlassian.com/display/JIRADEV/JIRA%2520REST%2520API%2520Example%2520-%2520OAuth%2520authentication)
    5. oauth_timestamp - Again, you can generate this automatiacally with net.oauth
    6. oauth_nonce - again, generate automatically as above
    7. user_id - optional, if specified, Jira will run the restfull request as the specified user. If not given, jira will run the request using the user you specified in the Execute as of the trusted application configuration.

Martin Cassidy

@Martin Cassidy

I am unable to process the user impersonate with the user_id parameter. Below is the code which I have.

OAuthConsumer consumer = new OAuthConsumer(callback, consumerKey, null, serviceProvider);
consumer.setProperty(RSA_SHA1.PRIVATE_KEY, privateKey);
consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1);

 consumer.setProperty("user_id", "userB"); 

 I tried with "user_id" but not able to create the issues with the userB username.

Can you please provide me the solution how we can do user impersonate while creating/updating issues.

How I can specify the user when making updates on the issues.

Thanks you

@Harinath T this used to work, but since ~7.5.0 or some such, it doesn't any more. Not sure what is the cause for this, but Jira no longer seems to accept an empty oauth_token and the user_id parameter is not regarded.

I think there may be a new config option for 2 legged impersonation for oauth that might have been introduced (not sure yet, I'm still investigating this myself right now, as what we had stopped working when I had to replace an old oauth token.)

Edit: Sorry for the mis-information. As it turned out I was no longer a system administrator, merely an administrator. You need to enable 2-legged impersonation option for the incomming oauth link in order for it to work properly.

 

@Andreas Stenius

Thanks for answering. I have done this by creating own plugin.

In that plugin I have created a Filter with ComponentAccessor and ApplicationUser objects.

I got this working using the API from Python.

https://gist.github.com/lukecyca/907c4a62758c068fd464

I'm trying to do this as well but can't seem to find any docs about it.

Any success with 2-legged authentication and user impersonation? Can you share your results?

Hi Witold, I have not been able to get it to work as yet. I have been hoping that by leaving this question here, someone would provide an answer.

If I get it working I will post the details here.

Thnx for answering. I spent 2 days on this with no luck. With 2-legged authentication, I expected the first token to be preauthorized - it's not. And I have no idea how to specifiy user when calling rest api.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted yesterday in United States

Confluence Security Advisory

Good morning Members, Not sure if you are aware. Please read the following: https://www.icloud.com/keynote/0RyJ4VEdNUpjDpGfMhfZx9fEg#Confluence_Security_Advisor More details: https://co...

43 views 1 0
View post

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you