Hi team,
For a product that we are building, we take PAT as an input from our customers and use it to call customer's Confluence Server URL. If an incorrect PAT is provided, we should communicate the same to our customers. Unfortunately, Confluence server doesn't return an appropriate HTTP error code, instead returns a 200 HTTP code always, like a correct PAT (only the response content differs). So, it's hard to distinguish an incorrect PAT unless we parse the response, which I don't think is a reliable way. However basic authentication with username, password results in appropriate HTTP codes - for correct credentials, 200 and 401 for incorrect ones.
For your reference, below are curl outputs when I queried Confluence spaces with PAT -
Query space with a correct PAT -
$ % curl -iH "Authorization: Bearer <correct PAT>" https://confluence.integ.***REDACTED***/rest/api/space
HTTP/2 200
date: Mon, 01 Aug 2022 05:52:32 GMT
content-type: application/json
server: nginx/1.19.2
set-cookie: JSESSIONID=916B87FE907B2D7A47BF88AEC027A0D4; Path=/; HttpOnly
x-seraph-loginreason: OK
x-ausername: admin
cache-control: no-store
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-content-type-options: nosniff
{"results":[{"id":560037,"key":"1SPAC","name":"1_space","type":"global","_links":{"webui":"/display/1SPAC","self":"https://confluence.integ.***REDACTED***/rest/api/space/1SPAC"},"_expandable":{"metadata":"","icon":"","description":"","retentionPolicy":"","homepage":"/rest/api/content/419305"}},{"id":557416,"key":"ARC","name":"ARC","type":"global","_links":{"webui":"/display/ARC","self":"https://confluence.integ.***REDACTED***/rest/api/space/ARC"},"_expandable":{"metadata":"","icon":"","description":"","retentionPolicy":"","homepage":"/rest/api/content/396145"}},{"id":561910,"key":"BLAN","name":"Blank_Space_Test","type":"global","_links":{"webui":"/display/BLAN","self":"https://confluence.integ.***REDACTED***/rest/api/space/BLAN"},"_expandable":{"metadata":"","icon":"","description":"","retentionPolicy":"","homepage":"/rest/api/content/4895011"}},{"id":561909,"key":"~confluence-space-admin","name":" confluence-space-admin","type":"personal","_links":{"webui":"/spaces/viewspace.action?key=~confluence-space-admin","self":"https://confluence.integ.***REDACTED***/rest/api/space/~confluence-space-admin"} ... [TRUNCATED]
Query space with an incorrect PAT -
% curl -iH "Authorization: Bearer <incorrect PAT>" https://confluence.integ.***REDACTED***/rest/api/space
HTTP/2 200
date: Mon, 01 Aug 2022 05:52:46 GMT
content-type: application/json
server: nginx/1.19.2
set-cookie: JSESSIONID=FBE9C5B2F91504182F3319E6EEA7A54B; Path=/; HttpOnly
cache-control: no-store
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-content-type-options: nosniff
{"results":[{"id":557057,"key":"IN","name":"Initial","type":"global","_links":{"webui":"/display/IN","self":"https://confluence.integ.***REDACTED***/rest/api/space/IN"},"_expandable":{"metadata":"","icon":"","description":"","retentionPolicy":""}}],"start":0,"limit":25,"size":1,"_links":{"self":"https://confluence.integ.***REDACTED***/rest/api/space","base":"https://confluence.integ.***REDACTED***","context":""}
Could you please help me understand if this is an expected behavior with PAT and if there is any reliable way to identify an incorrect PAT?
Thank you!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.