Does JIRA allows basic authentication setup as an Oauth with jira-python

Thanks Daniel . This should help me but is there something in python to perform Oauth dance and configuration , actually i was making some scripts to update jira-issues using jira-python so the problem is when we connect jira using basic-auth it ask password every time when i pass it to via getpass . so to avoid this i have three plans mentioned bellow to do could you suggest which will be applicable.

1. JIRA Oauth 

2.  user switcher ( connect with a default super user as admin and switch it to current user after connect to jira)

3. LDAP user authentification (Does jira allows as user's are inside jira??)

Hi Ashish

I use Jira python for similar purposes. To avoid entering password every time, I just hard coded the password in the script. Do you have any concern to do the same? Or your script is being used by different individuals so that they have to input their own user name and password?  I would recommend to use a general account for this purpose, and hard code the user name and password.

There are some implementations to perform Oauth using python, for example, https://pypi.org/project/jira-oauth/, I did not try it by myself. Actually, to perform Oauth dance, you don't have to use the same language as you do for actual authentication, it is just a one time short to get the token, after that, you can just use your python script to login using the token.

As for your 3 options

I don't quite understand #2 and #3

2. I think you have to re-authenticate if you want to switch user. Actually, even if you use OAuth, all the permission you have are limited to the user who performed the dance.  

3. What you referred to by saying "Does jira allows as user's are inside jira??" ?

Hi Daniel,

We can't hard coded the password because it will use by different individuals and they input their name and password . Currently we are using general account as an admin (SU_PM_AVS) but problem is all the update goes from that account name like SU_PM_AVS added a comment etc..here we want user account name instead of SU_PM_AVS

#2 we want something like connect by SU_PM_AVS  that allow to switch user for all the update by user account name without authentication 

#3 can we integrate jira with LDAP server 

And can you share what will be all limitations to the users who performed the dance??

Hi Ashish

As my understanding, you have a generic script that will be executed by multiple users to update Jira issues, and you want to keep track of the changes on Jira server by individual users instead of a generic account, at the same time, entering user name and password is something you want to avoid, is that true? If yes, it is a little bit controversial, I am curious why you have to identify individual user for a repeated, generic operation (implemented in the script).

Anyhow for your bulletins

#2 we want something like connect by SU_PM_AVS  that allow to switch user for all the update by user account name without authentication 

I don't think it is possible no matter you use simple login or Oauth.

#3 can we integrate jira with LDAP server 

Jira allows you to add your AD directory as user groups and grant permission to the group, but even with that, you still have to login either through web interface or api.

#4 And can you share what will be all limitations to the users who performed the dance??

In Jira, a client is authenticated as the user involved in the OAuth dance and is authorized to have read and write access as that user. The data that can be retrieved and changed by the client is controlled by the user's permissions in Jira.

If you login through Oauth, all the requests are made as the user who authorized the initial request token. 

In conclusion, I am thinking a workaround for your case. For each individual, save their user name and password in a pre-defined local path/file on the machine where they will run the script, assuming each individual will run the script from their own pc, All users need to use the same path/file name. And read the user name and password from that file in your script.