
JIRA API: Authenticating with Cookie

Jeremy Malouf January 19, 2015

Hi,

I am following the process described here to try and authenticate my API calls by passing the Cookie with a node.js https request. Don't quite know where I'm going wrong but here is my code:

After posting my login details to auth/latest/session I save the 'set-cookie' header from the response like this:

var authHeader = response.headers["set-cookie"];

Then I use the header content to pass into the "Cookie" header fr

var requestOptions = {
	host:requestHost,
	path:apiPath+requestPath,
	method:'POST',
	headers: {
		"Cookie": authHeader,
		"Content-Type": "application/json"
	}
}

The response I get back is: 

{"errorMessages":["Field 'fieldname' does not exist or this field cannot be viewed by anonymous users."],"errors":{}}

I have verified that 'fieldname' exists, so the error must be coming from the authentication. 

4 answers


1 vote
metrics
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 22, 2015

I'm guessing here, so I'm probably wrong, but hopefully this leads you on the right path.

You're looking at headers, not cookies.  If you're looking at the raw headers, you need to extract out the actual cookie.  The header value probably looks something like "JSESSIONID=sdfdskjfhdskjfhkjsdfhskjd; Path=/; HttpOnly", and all you want to pass in for the authHeader is "sdfdskjfhdskjfhkjsdfhskjd" (or possibly "JSESSIONID=sdfdskjfhdskjfhkjsdfhskjd", I'm not sure).

Check to see if the response object has a specific cookies property, rather than a headers property, and look what's in there, and pass that instead.
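
Added example (not part of the original thread and not Atlassian's code): Node's http/https modules expose Set-Cookie as an array with one string per cookie, each still carrying attributes such as Path and HttpOnly. The sketch below reduces that array to a Cookie request header and masks the values before logging; the function names and the example.token cookie are constructed for illustration.

```javascript
// Build a Cookie request header from response.headers["set-cookie"].
// Accepts the array Node provides, a single string, or undefined.
function cookieHeaderFromSetCookie(setCookie) {
  var lines = Array.isArray(setCookie) ? setCookie : (setCookie ? [setCookie] : []);
  var jar = {};
  lines.forEach(function (line) {
    var pair = line.split(';')[0].trim();   // "NAME=value" precedes the first ';'
    var eq = pair.indexOf('=');
    if (eq < 1) return;                      // skip malformed entries with no name
    var name = pair.slice(0, eq).trim();
    var value = pair.slice(eq + 1).trim();
    // An empty value or Max-Age=0 is how a server deletes a cookie.
    var expired = /;\s*max-age\s*=\s*0\s*(;|$)/i.test(line);
    if (value === '' || expired) { delete jar[name]; return; }
    jar[name] = value;                       // a later header overrides an earlier one
  });
  return Object.keys(jar).map(function (n) { return n + '=' + jar[n]; }).join('; ');
}

// Mask cookie values before logging so session ids do not end up in log files.
function redactCookieHeader(header) {
  return header.replace(/=[^;]*/g, '=<redacted>');
}

// Constructed sample: the first entry is the header quoted on this page,
// the second is a made-up extra cookie to show that every cookie is kept.
var sampleSetCookie = [
  'JSESSIONID=6E3487971234567896704A9EB4AE501F; Path=/; HttpOnly',
  'example.token=abc123|lin; Path=/; Secure'
];
var cookieHeader = cookieHeaderFromSetCookie(sampleSetCookie);
console.log('Cookie: ' + redactCookieHeader(cookieHeader));
```

The returned string is what goes into the request's headers.Cookie field; passing the raw set-cookie array instead sends the attributes back as if they were cookies.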
0 votes
Aleksander Mierzwicki
Atlassian Team
January 28, 2015

I would suggest the following solution:

  1. Send authentication POST request to /rest/auth/1/session with username and password
  2. Store response.session object (I'll refer to this as theSession)
  3. Next requests execute with Cookie header set to theSession.name + '=' + theSession.value

This should just-work-fine ;)

A short example using node-rest-client (I tried to get the code as short as possible to avoid confusions ;)):

var Client = require('node-rest-client').Client;
var client = new Client();
// let's login
var loginArgs = {
        data: {
                "username": "admin",
                "password": "admin"
        },
        headers: {
                "Content-Type": "application/json"
        }
};
client.post("http://localhost:8090/jira/rest/auth/1/session", loginArgs, function(data, response){
        if (response.statusCode === 200) {
                console.log('successfully logged in, session:', data.session);
                // data.session holds the cookie name (JSESSIONID) and its value
                var session = data.session;
                // now let's do some request - for example get our session info
                var args = {
                        headers: {
                                cookie: session.name + '=' + session.value // the session cookie
                        }
                };
                client.get("http://localhost:8090/jira/rest/auth/1/session", args, function(sessionData, response) {
                        console.log('status code:', response.statusCode);
                        console.log('our session details:', sessionData);
                });
        }
        else {
                throw new Error("Login failed :<");
        }
});
Jeremy Malouf January 29, 2015

Hi Aleksander,

Thanks for your response! I have been able to login ok but still having trouble getting the authorization working with a search POST request. Here is my code below which is a slightly modified version of yours!

function jiraPostRequest(request_path, request_args, myCallBack){
        var sessionHeader = sessionInfo.name + '=' + sessionInfo.value;
        console.log("sessionHeader: " + sessionHeader); //LOGS AS "sessionHeader: JSESSIONID=A25B0741253BF7400BA73E031423717F"
        // now let's do some request - for example get our session info
        var args = {
                data:request_args,
                headers: {
                        cookie: sessionHeader, // the session cookie
                        "Content-Type": "application/json"
                }
        };
        client.post("https://cohort.atlassian.net/rest/api/latest/" + request_path, args, function(sessionData, response) {
                console.log('status code:', response.statusCode);
                console.log('our session details:', sessionData);
                myCallBack(response);
        });
}

I still get this response when making the request:

status code: 400
our session details: { errorMessages: [ 'Field \'LGS Campaign ID\' does not exist or this field cannot be viewed by anonymous users.' ], errors: {} }

(Please note that this works when using BASIC authentication).

Jeremy Malouf February 1, 2015

I also tried making a request to "https://cohort.atlassian.net/rest/auth/latest/session", however I then get this response:

status code: 401
our session details: { errorMessages: [ 'You are not authenticated. Authentication required to perform this operation.' ], errors: {} }

Aleksander Mierzwicki
Atlassian Team
February 2, 2015

Can you check with a network sniffer that what you're sending is what you think you're sending? :) For example, start a local JIRA and hit it with your code (without https) and record the traffic with Wireshark - please verify that the headers are in the request. From the response from rest/auth/latest/session I deduce that your request doesn't contain the session cookie.

Aleksander Mierzwicki
Atlassian Team
February 4, 2015

I've quickly modified my code into searching issues (with empty JQL ;)) - http://pastebin.com/HcKqK5xK

Jeremy Malouf February 10, 2015

Hi Aleksander - I'll try installing Wireshark to monitor the request I am making. You can see from my code above that I am adding the session cookie header (and I am verifying its content with a console log). Is there any reason that you can think of that would cause the header not to be set?

Jeremy Malouf February 11, 2015

Hi Aleksander - I have tried running my request through wireshark but I don't think it appears unless I use http (instead of https as you said). I'm having trouble authenticating when I switch to http though and receive a 301 error followed by "Login failed" getting thrown! How can I authenticate without using the https protocol?

Aleksander Mierzwicki
Atlassian Team
February 19, 2015

I can only recommend testing your code with a local instance - just start JIRA with atlas-run-standalone --product jira (or in any other possible way ;)). The reason why I think that your request is wrong is that you're getting response 401, which should not happen as you've authenticated to JIRA - so either the code is not sending the headers, or they are being somehow lost later. Actually, does my test code work for you? Are you able to get search results with the code I shared in http://pastebin.com/HcKqK5xK? If not, then maybe it's a proxy issue?

0 votes
Jeremy Malouf January 26, 2015

Hey Harold,

Thanks for your response! Here is the information within the response object that I'm pulling!

The header:

Set-Cookie: JSESSIONID=6E3487971234567896704A9EB4AE501F; Path=/; HttpOnly

The body:

 

{"session":{
    "name":"JSESSIONID",
    "value":"6E3487971234567896704A9EB4AE501F"},
    "loginInfo":{
        "failedLoginCount":1,
        "loginCount":2,
        "lastFailedLoginTime":"2013-11-27T09:43:28.839+0000",
        "previousLoginTime":"2013-12-04T07:54:59.824+0000"
    }
}

 

I already tried including the header in the formats you suggested, for example:

Cookie: JSESSIONID=6E3487971234567896704A9EB4AE501F

Should I try naming the header something different such as: "JSESSIONID" or "Authorization"?

Kind regards,

Jeremy
