Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Using Oauth Tokens with curl


I have created an Oauth Token and am using to do a "request" successfully when using Java and the


java -jar /var/tmp/ request xxxxxxx


this works perfectly...


i get info back on the issue as expected.


but have yet to figure out how to do it with "curl", and the users want it...


/sw/packages/curl/current/bin/curl -v -X GET -H "Authorization: Bearer xxxxxxxx" -H "Content-Type: application/json" ''
Note: Unnecessary use of -X or --request, GET is already inferred.
* Trying
* Connected to ( port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: C=US; ST=CA; L=San Jose; O=Cisco Systems, Inc.;
* start date: Jun 19 21:35:43 2017 GMT
* expire date: Jun 19 21:35:37 2019 GMT
* subjectAltName: host "" matched cert's ""
* issuer: C=US; O=HydrantID (Avalanche Cloud Corporation); CN=HydrantID SSL ICA G2
* SSL certificate verify ok.
> GET /jira/rest/api/latest/issue/JIRA-1244 HTTP/1.1
> Host:
> User-Agent: curl/7.50.1
> Accept: */*
> Authorization: Bearer bxAb6dnCaPiLYmTadrxw6JEmcBrHLxFQ
> Content-Type: application/json
< HTTP/1.1 401
< Date: Fri, 13 Jul 2018 18:16:05 GMT
< Server: Apache/2.4.29 ( - CEL 7.x) OpenSSL/1.1.0f mod_fcgid/2.3.9
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-AREQUESTID: 676x373633x1
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-ASEN: SEN-2124079
< X-AUSERNAME: anonymous
< Cache-Control: no-cache, no-store, no-transform
< WWW-Authenticate: OAuth realm=""
< Content-Type: application/json;charset=UTF-8
< Set-Cookie: atlassian.xsrf.token=BPUR-R00M-18XV-8SSG|658a0f3d51b8fccefad0edb9c691f5d9db1aa99a|lout;path=/jira;Secure
< P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
< X-UA-Compatible: IE=edge
< Transfer-Encoding: chunked
* Connection #0 to host left intact
{"errorMessages":["You do not have the permission to see the specified issue.","Login Required"],"errors":{}}

appreciate if anyone has any ideas for me.



X-AUSERNAME: anonymous

is curious




2 answers

I forked a jCurl project and modified it to sign OAuth 1  requests.

0 votes
Andy Heinzer Atlassian Team Jul 16, 2018

When you are using the java jar file in the tutorial, your token is being used to help authenticate you against the REST service, but it's using the java algorithm in that jar file in order to make this authorization handshake correctly.   I am afraid it is not as straight forward as simply passing the token in the headers of a rest call using curl.

In the case of using curl directly, you actually are not being authenticated in that request.  Which is why the response from the REST service is the way it is.  

This call is complex enough when using Oauth tokens that there tends to be an expectation that you will use a coded library to make this call.  That's not to say it is impossible to make an Oauth rest call to Jira via curl, but it's not quite as easy as say a basic authorization request is via curl where you can just pass the parameters.

If you have end users that are making scripting calls or just individual requests, it's probably better to have them use the basic authentication guide instead.  It's less complicated and does not have the expectation that you need a coded library like, java in order to make the call.

My users are currently using Basic Authentication with curl. This presents several issues such as login timeout/lock, passing login username and password in clear text, no persistent connection.
If Basic Authentication is Atlassian's recommendation vs OAuth, how do you suggest we restrict API access from rogue servers/users, not pass login info in clear text and preven login timeout/lock issues?

Thanks for this answer @Andy Heinzer but it doesn't fit with security requirements of most buttoned-up software companies.

OAuth creds are more secure and required by my organization for that reason. I'm facing this same issue as @James Brown

There's no official or community documentation anywhere as far as I have been able to find for making OAuth JIRA Server calls with cURL OR using the OAuth with the JIRA python library to get around proxy issues.

Andy Heinzer Atlassian Team Mar 29, 2019

@Andrey Kolesnikov I would agree that there is no way I can to feasible use curl with OAuth that I'm aware of.  But there are python libraries you can use to oauth authentication in a programming language other than java.

Please check out

You can find the sourcecode and samples in php, python, perl, and others.

Like Jiří Wetter likes this

@Andy Heinzer 

Thanks for your note, Andrew. I've already successfully created an OAuth-based Python script that works, just not with a proxy between my application and JIRA's API. 


Using curl w/ simple auth I use the command below which gets me around the proxy (thanks to the --noproxy command):

curl --noproxy “*” -o /usr/local/airflow/data/jira_input.json -D- -u ‘+jira_client_email+‘:’+jira_client_key+' -X GET -H “Content-Type: application/json” “”


My problem is that none of the available JIRA API documentation for Python has any information about reproducing this '--noproxy' setting when instantiating the JIRA object.


Here's the code I'm using to create the JIRA object and authenticating:

jira_options={'server': ''}
oauth_dict = {
'access_token': access_token,
'access_token_secret': access_token_secret,
'consumer_key': consumer_key,
'key_cert': key_cert_data}
jira = JIRA(options=jira_options, oauth=oauth_dict)

Where could I input a command to ignore a proxy? There aren't any examples online that use OAuth.

Andy Heinzer Atlassian Team Apr 04, 2019

@Andrey Kolesnikov I'm no expert in python, however I found this thread that might be helpful:

It appears to offer a means to use a similar noproxy option such that curl has, but specifically for the python requests HTTPS library.

Since Atlassian's own REST API reference for Cloud appears to be using the 'requests' python library in it's examples, it seems like this approach might be useful for the sessions created for GET, POST, DELETE, etc that the rest api will use.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Jira Software

Upcoming changes to epic fields in company-managed projects

👋 Hi there Jira Community! A few months ago we shared with you plans around renaming epics in your company-managed projects. As part of these changes, we highlighted upcoming changes to epics on...

14,623 views 37 46
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you