With Basic Auth, the user credentials are passed with every request thus requiring TLS on every connection to keep that password from being passed in the clear. In the case of Jira Align, the credentials are stored on the Jira Align side and passed in each REST API request as mentioned previously.
OAuth requires the "OAuth dance" (3LO) to be completed so that Jira Align retrieves the access token as a result. The access token is sent in every REST API call via TLS as opposed to a username/password. This token can be revoked from the Jira side at any time and require another OAuth 3 Step handshake to take place to retrieve another token. By default, OAuth Access Tokens expire at 5 years. However, the token can be revoked manually at any time by going to Profile > Tools > View OAuth Access Tokens in Jira Server or Data Center or Personal Jira Settings > Manage Apps in Jira Cloud.
The username and password (or username + API Key) are combined and Base64 encoded and placed in the header.
Basic Auth is used in conjunction with HTTPS per recommendation of RFC 7617 and Jira Align Security Policies. The data is encrypted in transit to the TLS termination endpoint via TLS 1.2 ECDHE ciphers.
1A) Jira Service Account Username will be entered into the Jira Username field and Jira Service Account Password (or API Token) goes in the API Token/Jira Password field.
1B) For API Token Based Proxies that accept Basic Auth, you can enter any username in the Jira Username field and the Proxy’s API Token in the API Token/Jira Password field.
Jira Align Connector Setup – Basic Auth:
The OAuth 1.0a implementation for Jira Align is designed to setup this OAuth 1.0a Authentication between Jira Align and Jira Software. Jira Align will not utilize OAuth 1.0a in any other manner.
Create a request for Jira Align to obtain a request token.
Have the user authenticate, and send Jira Align a request token.
Convert the request token into a usable user access token.
See this article for more info: Jira REST API Example OAuth Authentication
Jira Align Connector Setup – OAuth 1.0a:
Admin > Connectors > Jira Settings > Jira Connectors
This field can be filled in with any descriptive label. Spaces and symbols will cause issues during setup so do not use these.
This is generated by Jira Align and used as part of the OAuth 3 Step Setup Process.
For specific step-by-step instructions of setting up OAuth 1.0a in both Jira Align and Jira Software, please see 1 of the 2 following articles:
James McCulleyAtlassian Team
The roadmap challenge for large scale agile enterprises Regardless of the agile framework you use, the agile enterprise has a massive scale with the challenge to connect hundreds of teams and thous...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events