Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Atlassian JIRA Rest API returning unauthorized 401 while calling along with JWT

Kaushal Jain
Kaushal Jain April 13, 2018

I am developing a JIRA add-on that creates a JIRA issue. I cannot use basic authentication (that is using the admin username and password) for the REST API calls because of functional requirements henceforth, I have to stick with JWT.

I am using the atlassian-jwt module for node.js to generate the JWT token:

 

var now = moment().utc();

var req = {
    method: 'GET',
    originalUrl: '/rest/api/2/application-properties/advanced-settings'
};

var token = {
    "iss": 'issuer-val',
    "iat": now.unix(),                      // the time the token is generated
    "exp": now.add(3, 'minutes').unix(),    // token expiry time (recommend 3 minutes after issuing)
    "qsh": jwt.createQueryStringHash(req)   // [Query String Hash](https://developer.atlassian.com/cloud/jira/platform/understanding-jwt/#a-name-qsh-a-creating-a-query-string-hash)
};

var secret = 'The shared secret that I receive while installing the add-on';

var token = jwt.encode(token, secret);

 

The token that I am receiving above I am using the same to call the REST API. However even a simple GET request like:

https://my-dev-enviroment.atlassian.net/rest/api/2/application-properties?jwt=the-jwt-token

returns Unauthorized 401

I have provided the required scopes in the atlassian-connect.json file as well.

"scopes": [
        "read", "write"
    ]

 

I couldn't find any relevant source pertaining to my problem on the internet and have been searching for hours now.

Anyone with experience in developing add-ons for JIRA please guide me.

Answer
Watch
Like # people like this
1585 views

3 answers

1 vote
Grover
Grover November 27, 2018

You're not alone. Anyword on what we might be doing wrong? Does 401 means the JWT isn't valid? If so, how can we test we've generated a valid JWT?

Reply
1 vote
Borys Lebeda
Borys Lebeda June 28, 2018

I have the same result with getting projects /rest/api/2/project

I also tried putting header Authentication: JWT .... the result was better, but still inproductive:
JIRA returned empty array of projects

Reply
0 votes
Deleted user November 15, 2019

I have the same exact problem using Javascript JWT library from atlassian. I am getting a 401 unauthorized. It also says 'qsh' doesn't match.

 

What did you guys end up doing @Grover  @Borys Lebeda  @Kaushal Jain 

 

Can someone from Atlassian help me with what I am doing wrong here?

 

The request:

The request we sent was:

Method: POST
URL: https://prod-api.zephyr4jiracloud.com/connect/public/rest/api/1.0/cycle
Headers: {
  "Connection": "keep-alive",
  "content_type": "application/json",
  "authorization": "JWT ${myJWTtoken}",
  "zapiaccesskey": "${my_issuer}",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/3.6.1 Chrome/73.0.3683.121 Electron/5.0.10 Safari/537.36",
  "accept": "*/*",
  "accept-encoding": "gzip, deflate",
  "content-type": "application/json",
  "content-length": 68
}
Body: {"name":"8:45:2 11-15-2019","projectId":"myID","versionId":"myID"}

-----------------------------------------------------------

The response we got was:

Status: 401 - Unauthorized
Headers: {
  "content-encoding": "gzip",
  "content-type": "text/plain;charset=utf-8",
  "date": "Fri, 15 Nov 2019 16:45:02 GMT",
  "server": "Apache-Coyote/1.1",
  "vary": "Accept-Encoding",
  "content-length": "164",
  "connection": "keep-alive"
}
Body: Expecting claim 'qsh' to have value 'dc8e37069edfb14c506ee47e1c4480b52d1058e44e284a2079a305736d249a0b' but instead it has the value '23432a414394e528c3de984cc5a7292081dc8995ca55cd7a97ae57b5da525589'
View More Comments
Deleted user November 15, 2019

After some hurdles, I figured it:

The req should be

req = jwt.Request = jwt.fromMethodAndUrl('POST''https://prod-api.zephyr4jiracloud.com/connect/public/rest/api/1.0/cycle');

The qsh should be 

"qsh": jwt.createQueryStringHash(reqcycle_urlbase_url)

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events