It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Using Oauth Tokens with curl Edited

Dave Marsico Jul 13, 2018

I have created an Oauth Token and am using to do a "request" successfully when using Java and the rest-oauth-client-1.0.one-jar.jar

 

java -jar /var/tmp/rest-oauth-client-1.0.one-jar.jar request xxxxxxx https://jira-eng-sjc3.cisco.com/jira/rest/api/latest/issue/JIRA-1244

 

this works perfectly...

 

i get info back on the issue as expected.

 

but have yet to figure out how to do it with "curl", and the users want it...

 

/sw/packages/curl/current/bin/curl -v -X GET -H "Authorization: Bearer xxxxxxxx" -H "Content-Type: application/json" 'https://jira-eng-sjc3.cisco.com/jira/rest/api/latest/issue/JIRA-1244'
Note: Unnecessary use of -X or --request, GET is already inferred.
* Trying 171.70.36.75...
* Connected to jira-eng-sjc3.cisco.com (171.70.36.75) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: C=US; ST=CA; L=San Jose; O=Cisco Systems, Inc.; CN=Bundle_SJC1.cisco.com
* start date: Jun 19 21:35:43 2017 GMT
* expire date: Jun 19 21:35:37 2019 GMT
* subjectAltName: host "jira-eng-sjc3.cisco.com" matched cert's "jira-eng-sjc3.cisco.com"
* issuer: C=US; O=HydrantID (Avalanche Cloud Corporation); CN=HydrantID SSL ICA G2
* SSL certificate verify ok.
> GET /jira/rest/api/latest/issue/JIRA-1244 HTTP/1.1
> Host: jira-eng-sjc3.cisco.com
> User-Agent: curl/7.50.1
> Accept: */*
> Authorization: Bearer bxAb6dnCaPiLYmTadrxw6JEmcBrHLxFQ
> Content-Type: application/json
>
< HTTP/1.1 401
< Date: Fri, 13 Jul 2018 18:16:05 GMT
< Server: Apache/2.4.29 (eifweb@cisco.com - CEL 7.x) OpenSSL/1.1.0f mod_fcgid/2.3.9
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-AREQUESTID: 676x373633x1
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-ASEN: SEN-2124079
< X-AUSERNAME: anonymous
< Cache-Control: no-cache, no-store, no-transform
< WWW-Authenticate: OAuth realm="https%3A%2F%2Fjira-eng-sjc3.cisco.com%2Fjira"
< Content-Type: application/json;charset=UTF-8
< Set-Cookie: atlassian.xsrf.token=BPUR-R00M-18XV-8SSG|658a0f3d51b8fccefad0edb9c691f5d9db1aa99a|lout;path=/jira;Secure
< P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
< X-UA-Compatible: IE=edge
< Transfer-Encoding: chunked
<
* Connection #0 to host jira-eng-sjc3.cisco.com left intact
{"errorMessages":["You do not have the permission to see the specified issue.","Login Required"],"errors":{}}

appreciate if anyone has any ideas for me.

 

that 

X-AUSERNAME: anonymous

is curious

 

 

 

1 answer

0 votes
Andrew Heinzer Atlassian Team Jul 16, 2018

When you are using the java jar file in the tutorial, your token is being used to help authenticate you against the REST service, but it's using the java algorithm in that jar file in order to make this authorization handshake correctly.   I am afraid it is not as straight forward as simply passing the token in the headers of a rest call using curl.

In the case of using curl directly, you actually are not being authenticated in that request.  Which is why the response from the REST service is the way it is.  

This call is complex enough when using Oauth tokens that there tends to be an expectation that you will use a coded library to make this call.  That's not to say it is impossible to make an Oauth rest call to Jira via curl, but it's not quite as easy as say a basic authorization request is via curl where you can just pass the parameters.

If you have end users that are making scripting calls or just individual requests, it's probably better to have them use the basic authentication guide instead.  It's less complicated and does not have the expectation that you need a coded library like, java in order to make the call.

James Brown Jan 02, 2019

My users are currently using Basic Authentication with curl. This presents several issues such as login timeout/lock, passing login username and password in clear text, no persistent connection.
If Basic Authentication is Atlassian's recommendation vs OAuth, how do you suggest we restrict API access from rogue servers/users, not pass login info in clear text and preven login timeout/lock issues?

Andrey Kolesnikov Mar 28, 2019

Thanks for this answer @Andrew Heinzer but it doesn't fit with security requirements of most buttoned-up software companies.

OAuth creds are more secure and required by my organization for that reason. I'm facing this same issue as @James Brown

There's no official or community documentation anywhere as far as I have been able to find for making OAuth JIRA Server calls with cURL OR using the OAuth with the JIRA python library to get around proxy issues.

Andrew Heinzer Atlassian Team Mar 29, 2019

@Andrey Kolesnikov I would agree that there is no way I can to feasible use curl with OAuth that I'm aware of.  But there are python libraries you can use to oauth authentication in a programming language other than java.

Please check out https://bitbucket.org/atlassianlabs/atlassian-oauth-examples/src/master/

You can find the sourcecode and samples in php, python, perl, and others.

Andrey Kolesnikov Apr 01, 2019

@Andrew Heinzer 

Thanks for your note, Andrew. I've already successfully created an OAuth-based Python script that works, just not with a proxy between my application and JIRA's API. 

 

Using curl w/ simple auth I use the command below which gets me around the proxy (thanks to the --noproxy command):

curl --noproxy “*” -o /usr/local/airflow/data/jira_input.json -D- -u ‘+jira_client_email+‘:’+jira_client_key+' -X GET -H “Content-Type: application/json” “https://jira.domain.com/rest/api/2/search?jql=project=CC&updatedDate=-3d&startAt=0&maxResults=3000”

 

My problem is that none of the available JIRA API documentation for Python has any information about reproducing this '--noproxy' setting when instantiating the JIRA object.

 

Here's the code I'm using to create the JIRA object and authenticating:

jira_options={'server': 'https://jira.domain.com'}
oauth_dict = {
'access_token': access_token,
'access_token_secret': access_token_secret,
'consumer_key': consumer_key,
'key_cert': key_cert_data}
jira = JIRA(options=jira_options, oauth=oauth_dict)

Where could I input a command to ignore a proxy? There aren't any examples online that use OAuth.

Andrew Heinzer Atlassian Team Apr 04, 2019

@Andrey Kolesnikov I'm no expert in python, however I found this thread that might be helpful: https://stackoverflow.com/questions/28521535/requests-how-to-disable-bypass-proxy

It appears to offer a means to use a similar noproxy option such that curl has, but specifically for the python requests HTTPS library.

Since Atlassian's own REST API reference for Cloud appears to be using the 'requests' python library in it's examples, it seems like this approach might be useful for the sessions created for GET, POST, DELETE, etc that the rest api will use.

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Jira Software

Early Access: If you use Jenkins and Jira Software Cloud, you need to read this!

The Jira Software Cloud Team has been busy working on a simple, secure, and reliable way to integrate your build and deployment information from Jenkins with Jira Software Cloud. This means you don’t...

314 views 0 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you