Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Using Oauth Tokens with curl

Dave Marsico
Dave Marsico July 13, 2018

I have created an Oauth Token and am using to do a "request" successfully when using Java and the rest-oauth-client-1.0.one-jar.jar

 

java -jar /var/tmp/rest-oauth-client-1.0.one-jar.jar request xxxxxxx https://jira-eng-sjc3.cisco.com/jira/rest/api/latest/issue/JIRA-1244

 

this works perfectly...

 

i get info back on the issue as expected.

 

but have yet to figure out how to do it with "curl", and the users want it...

 

/sw/packages/curl/current/bin/curl -v -X GET -H "Authorization: Bearer xxxxxxxx" -H "Content-Type: application/json" 'https://jira-eng-sjc3.cisco.com/jira/rest/api/latest/issue/JIRA-1244'
Note: Unnecessary use of -X or --request, GET is already inferred.
* Trying 171.70.36.75...
* Connected to jira-eng-sjc3.cisco.com (171.70.36.75) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: C=US; ST=CA; L=San Jose; O=Cisco Systems, Inc.; CN=Bundle_SJC1.cisco.com
* start date: Jun 19 21:35:43 2017 GMT
* expire date: Jun 19 21:35:37 2019 GMT
* subjectAltName: host "jira-eng-sjc3.cisco.com" matched cert's "jira-eng-sjc3.cisco.com"
* issuer: C=US; O=HydrantID (Avalanche Cloud Corporation); CN=HydrantID SSL ICA G2
* SSL certificate verify ok.
> GET /jira/rest/api/latest/issue/JIRA-1244 HTTP/1.1
> Host: jira-eng-sjc3.cisco.com
> User-Agent: curl/7.50.1
> Accept: */*
> Authorization: Bearer bxAb6dnCaPiLYmTadrxw6JEmcBrHLxFQ
> Content-Type: application/json
>
< HTTP/1.1 401
< Date: Fri, 13 Jul 2018 18:16:05 GMT
< Server: Apache/2.4.29 (eifweb@cisco.com - CEL 7.x) OpenSSL/1.1.0f mod_fcgid/2.3.9
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-AREQUESTID: 676x373633x1
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-ASEN: SEN-2124079
< X-AUSERNAME: anonymous
< Cache-Control: no-cache, no-store, no-transform
< WWW-Authenticate: OAuth realm="https%3A%2F%2Fjira-eng-sjc3.cisco.com%2Fjira"
< Content-Type: application/json;charset=UTF-8
< Set-Cookie: atlassian.xsrf.token=BPUR-R00M-18XV-8SSG|658a0f3d51b8fccefad0edb9c691f5d9db1aa99a|lout;path=/jira;Secure
< P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
< X-UA-Compatible: IE=edge
< Transfer-Encoding: chunked
<
* Connection #0 to host jira-eng-sjc3.cisco.com left intact
{"errorMessages":["You do not have the permission to see the specified issue.","Login Required"],"errors":{}}

appreciate if anyone has any ideas for me.

 

that 

X-AUSERNAME: anonymous

is curious

 

 

 

Answer
Watch
Like Hua Soon SIM _Akeles_ likes this
7381 views

2 answers

1 vote
Steven Heutinck
Steven Heutinck June 3, 2020

I forked a jCurl project and modified it to sign OAuth 1  requests.

https://github.com/topHatInRing/jcurl/tree/oauth

Reply
0 votes
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 16, 2018

When you are using the java jar file in the tutorial, your token is being used to help authenticate you against the REST service, but it's using the java algorithm in that jar file in order to make this authorization handshake correctly.   I am afraid it is not as straight forward as simply passing the token in the headers of a rest call using curl.

In the case of using curl directly, you actually are not being authenticated in that request.  Which is why the response from the REST service is the way it is.  

This call is complex enough when using Oauth tokens that there tends to be an expectation that you will use a coded library to make this call.  That's not to say it is impossible to make an Oauth rest call to Jira via curl, but it's not quite as easy as say a basic authorization request is via curl where you can just pass the parameters.

If you have end users that are making scripting calls or just individual requests, it's probably better to have them use the basic authentication guide instead.  It's less complicated and does not have the expectation that you need a coded library like, java in order to make the call.

View More Comments
James Brown
James Brown January 2, 2019

My users are currently using Basic Authentication with curl. This presents several issues such as login timeout/lock, passing login username and password in clear text, no persistent connection.
If Basic Authentication is Atlassian's recommendation vs OAuth, how do you suggest we restrict API access from rogue servers/users, not pass login info in clear text and preven login timeout/lock issues?

Like
Andrey Kolesnikov
Andrey Kolesnikov March 28, 2019

Thanks for this answer @Andy Heinzer but it doesn't fit with security requirements of most buttoned-up software companies.

OAuth creds are more secure and required by my organization for that reason. I'm facing this same issue as @James Brown

There's no official or community documentation anywhere as far as I have been able to find for making OAuth JIRA Server calls with cURL OR using the OAuth with the JIRA python library to get around proxy issues.

Like
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 29, 2019

@Andrey Kolesnikov I would agree that there is no way I can to feasible use curl with OAuth that I'm aware of.  But there are python libraries you can use to oauth authentication in a programming language other than java.

Please check out https://bitbucket.org/atlassianlabs/atlassian-oauth-examples/src/master/

You can find the sourcecode and samples in php, python, perl, and others.

Like Deleted user likes this
Andrey Kolesnikov
Andrey Kolesnikov April 1, 2019

@Andy Heinzer 

Thanks for your note, Andrew. I've already successfully created an OAuth-based Python script that works, just not with a proxy between my application and JIRA's API. 

 

Using curl w/ simple auth I use the command below which gets me around the proxy (thanks to the --noproxy command):

curl --noproxy “*” -o /usr/local/airflow/data/jira_input.json -D- -u ‘+jira_client_email+‘:’+jira_client_key+' -X GET -H “Content-Type: application/json” “https://jira.domain.com/rest/api/2/search?jql=project=CC&updatedDate=-3d&startAt=0&maxResults=3000”

 

My problem is that none of the available JIRA API documentation for Python has any information about reproducing this '--noproxy' setting when instantiating the JIRA object.

 

Here's the code I'm using to create the JIRA object and authenticating:

jira_options={'server': 'https://jira.domain.com'}
oauth_dict = {
'access_token': access_token,
'access_token_secret': access_token_secret,
'consumer_key': consumer_key,
'key_cert': key_cert_data}
jira = JIRA(options=jira_options, oauth=oauth_dict)

Where could I input a command to ignore a proxy? There aren't any examples online that use OAuth.

Like
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 4, 2019

@Andrey Kolesnikov I'm no expert in python, however I found this thread that might be helpful: https://stackoverflow.com/questions/28521535/requests-how-to-disable-bypass-proxy

It appears to offer a means to use a similar noproxy option such that curl has, but specifically for the python requests HTTPS library.

Since Atlassian's own REST API reference for Cloud appears to be using the 'requests' python library in it's examples, it seems like this approach might be useful for the sessions created for GET, POST, DELETE, etc that the rest api will use.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events