Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
badges earned

Your Points Tracker
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How do you impersonate a user with JIRA oauth?

I have successfully gotten the JIRA Oauth rest demo working, and I can query issues, and have also created a remote link by adding the changes in this answer">

The problem I am having is I cannot find anywhere in the documentation or tutorial how to specify the user for 2-legged oauth authentication.

Is anyone able to point me in the right direction for specifying the user when making updates?


4 answers

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

I've now been able to get this working using the Jira Java Rest Client, if you're using another client it should be easy enough to apply the same solution. Here's a link to my solution:

What you need to do is:

  1. Create a public and private key pair
  2. Setup the trusted application using the Jira gui, enabling the 2 legged oauth option
  3. Send requests as you normally would (foret about request tokens and access and access tokens, and include the following paramaters in the query string of your request
    1. oauth_consumer_key - the name of your consumer as set in the trusted application setup through the Jira gui
    2. oauth_token - an empty string
    3. oauth_signature_method - should be RSA-SHA1 as this is all Jira supports
    4. oauth_signature - the signature for your request, you'll have to generate this using your private key. If using Java, I recommend the net.oauth classes, same as in the Jira Oauth example (
    5. oauth_timestamp - Again, you can generate this automatiacally with net.oauth
    6. oauth_nonce - again, generate automatically as above
    7. user_id - optional, if specified, Jira will run the restfull request as the specified user. If not given, jira will run the request using the user you specified in the Execute as of the trusted application configuration.

Martin Cassidy

@Martin Cassidy

I am unable to process the user impersonate with the user_id parameter. Below is the code which I have.

OAuthConsumer consumer = new OAuthConsumer(callback, consumerKey, null, serviceProvider);
consumer.setProperty(RSA_SHA1.PRIVATE_KEY, privateKey);
consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1);

 consumer.setProperty("user_id", "userB"); 

 I tried with "user_id" but not able to create the issues with the userB username.

Can you please provide me the solution how we can do user impersonate while creating/updating issues.

How I can specify the user when making updates on the issues.

Thanks you

@Harinath T this used to work, but since ~7.5.0 or some such, it doesn't any more. Not sure what is the cause for this, but Jira no longer seems to accept an empty oauth_token and the user_id parameter is not regarded.

I think there may be a new config option for 2 legged impersonation for oauth that might have been introduced (not sure yet, I'm still investigating this myself right now, as what we had stopped working when I had to replace an old oauth token.)

Edit: Sorry for the mis-information. As it turned out I was no longer a system administrator, merely an administrator. You need to enable 2-legged impersonation option for the incomming oauth link in order for it to work properly.


@Andreas Stenius

Thanks for answering. I have done this by creating own plugin.

In that plugin I have created a Filter with ComponentAccessor and ApplicationUser objects.

I got this working using the API from Python.

I'm trying to do this as well but can't seem to find any docs about it.

Any success with 2-legged authentication and user impersonation? Can you share your results?

Hi Witold, I have not been able to get it to work as yet. I have been hoping that by leaving this question here, someone would provide an answer.

If I get it working I will post the details here.

Thnx for answering. I spent 2 days on this with no luck. With 2-legged authentication, I expected the first token to be preauthorized - it's not. And I have no idea how to specifiy user when calling rest api.

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question


Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you