Hi
I am using Jira Server v8.14.0 and new feature - Personal access tokens.
Why I got OK(200) when do a REST call with non-existent/invalid Bearer token?
Request example:
>curl -H "Authorization: Bearer qweqwe" http://localhost:8081/rest/api/2/project
[]
I expected to get an Unauthorize(401) error as for Basic authorization.
regards,
Vadim
I haven't yet tried the Server token, but could it be that your instance allows anonymous access?
With anonymous access, such as https://jira.atlassian.com, you can still browse issues, which means you can browse projects, and hence you should have valid results from the rest endpoint just like you would in the UI.
Again, not tested myself, but anonymous access would make sense to return an empty list. (Even if the token is invalid I suppose.)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.