It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How do you impersonate a user with JIRA oauth?

Albert Ferguson Jan 02, 2014

I have successfully gotten the JIRA Oauth rest demo working, and I can query issues, and have also created a remote link by adding the changes in this answer
https://answers.atlassian.com/questions/51273/modifying-the-rest-oauth-example-to-include-a-json-body-in-the-request">https://answers.atlassian.com/questions/51273/modifying-the-rest-oauth-example-to-include-a-json-body-in-the-request

The problem I am having is I cannot find anywhere in the documentation or tutorial how to specify the user for 2-legged oauth authentication.

Is anyone able to point me in the right direction for specifying the user when making updates?

Thanks

4 answers

3 votes
Martin Cassidy Apr 27, 2014

I've now been able to get this working using the Jira Java Rest Client, if you're using another client it should be easy enough to apply the same solution. Here's a link to my solution: https://answers.atlassian.com/questions/263719/using-oauth-and-the-jira-java-rest-client?page=1#288617

What you need to do is:

  1. Create a public and private key pair
  2. Setup the trusted application using the Jira gui, enabling the 2 legged oauth option
  3. Send requests as you normally would (foret about request tokens and access and access tokens, and include the following paramaters in the query string of your request
    1. oauth_consumer_key - the name of your consumer as set in the trusted application setup through the Jira gui
    2. oauth_token - an empty string
    3. oauth_signature_method - should be RSA-SHA1 as this is all Jira supports
    4. oauth_signature - the signature for your request, you'll have to generate this using your private key. If using Java, I recommend the net.oauth classes, same as in the Jira Oauth example (https://developer.atlassian.com/display/JIRADEV/JIRA%2520REST%2520API%2520Example%2520-%2520OAuth%2520authentication)
    5. oauth_timestamp - Again, you can generate this automatiacally with net.oauth
    6. oauth_nonce - again, generate automatically as above
    7. user_id - optional, if specified, Jira will run the restfull request as the specified user. If not given, jira will run the request using the user you specified in the Execute as of the trusted application configuration.
Harinath T Jan 04, 2018

Martin Cassidy

@Martin Cassidy

I am unable to process the user impersonate with the user_id parameter. Below is the code which I have.

OAuthConsumer consumer = new OAuthConsumer(callback, consumerKey, null, serviceProvider);
consumer.setProperty(RSA_SHA1.PRIVATE_KEY, privateKey);
consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1);

 consumer.setProperty("user_id", "userB"); 

 I tried with "user_id" but not able to create the issues with the userB username.

Can you please provide me the solution how we can do user impersonate while creating/updating issues.

How I can specify the user when making updates on the issues.

Thanks you

Andreas Stenius May 04, 2018 • edited

@Harinath T this used to work, but since ~7.5.0 or some such, it doesn't any more. Not sure what is the cause for this, but Jira no longer seems to accept an empty oauth_token and the user_id parameter is not regarded.

I think there may be a new config option for 2 legged impersonation for oauth that might have been introduced (not sure yet, I'm still investigating this myself right now, as what we had stopped working when I had to replace an old oauth token.)

Edit: Sorry for the mis-information. As it turned out I was no longer a system administrator, merely an administrator. You need to enable 2-legged impersonation option for the incomming oauth link in order for it to work properly.

Harinath T May 04, 2018

 

@Andreas Stenius

Thanks for answering. I have done this by creating own plugin.

In that plugin I have created a Filter with ComponentAccessor and ApplicationUser objects.

1 vote
Luke Cyca May 06, 2014

I got this working using the API from Python.

https://gist.github.com/lukecyca/907c4a62758c068fd464

0 votes
Martin Cassidy Feb 17, 2014

I'm trying to do this as well but can't seem to find any docs about it.

0 votes
Witold Wolejszo Apr 07, 2014

Any success with 2-legged authentication and user impersonation? Can you share your results?

Albert Ferguson Apr 13, 2014

Hi Witold, I have not been able to get it to work as yet. I have been hoping that by leaving this question here, someone would provide an answer.

If I get it working I will post the details here.

Witold Wolejszo Apr 13, 2014

Thnx for answering. I spent 2 days on this with no luck. With 2-legged authentication, I expected the first token to be preauthorized - it's not. And I have no idea how to specifiy user when calling rest api.

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Posted in United States

Unofficial downtown meetup week of June 3 or 4?

Hello everyone!  It's been a while since Houston's had a Atlassian Community Event (formerly Atlassian User Group meeting) so I wanted to gauge interest in an unofficial downtown meetup after wo...

23 views 0 0
View post

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you