Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Authenticating JIRA Rest API via Office 365 Oauth

Hi there,

 

I have been through many, many jira community questions/stackoverflow/all the REST documentation and haven't been able to pin down the exact required steps for authenticating JIRA rest API via Oauth2 (Office365).

Current setup:

- Custom JIRA cloud instance (<mycompany.jira.atlassian.net)

- Basic auth disabled / SSO via Office365 enabled

- Oauth 2.0 via AzureAD/Office 365

 

Endpoint I am testing: mycompany.jira.atlassian.net/rest/api/latest/issue/ISSUE-123

I am using Postman to test the API call. I have tried various methods and will outline the difference responses I get below. From my reading, I have been unclear on what combination of these things I need to authenticate an endpoint:

- JIRA API Token

- Oauth2.0 Token from SSO provider

- Certificates outlined in JIRA Oauth docs (public_key.pem, key.pcks8, private_key.pem, public_key.cer)

 

I have added my private key to postman in postman > settings as well as adding the appropriate keys to application links in JIRA admin as outlined in documentation.

 

Test 1 (API Key auth, similar to curl -u my.username:api-key):

GET mycompany.jira.atlassian.net/rest/api/latest/issue/ISSUE-123

Accept: application/json

Content-Type: application/json

Authorization: Basic <base64encoded(my.username:jira-api-key)>

 

Response (The issue absolutely exists, and I am able to view the JSON structure when visiting the rest/api url directly in the browser): 

{"errorMessages":["Issue does not exist or you do not have permission to see it."],"errors":{}}

 

Test 2:

GET mycompany.jira.atlassian.net/rest/api/latest/issue/ISSUE-123

Accept: application/json

Content-Type: application/json

Authorization: Bearer <Oauth2 token from AzureAD/Office365>

 

Response:

{"message":"Client must be authenticated to access this resource.","status-code":401}

 

 

Any help or context from anyone who has gotten this working would be greatly appreciated. I did read somewhere that JIRA rest may only support Oauth1... However I see a plugin here that does what I seek:

https://plugins.miniorange.com/rest-api-authentication-using-azure-ad-as-oauth-provider

This plugin is only supported for server/data-center and not cloud hosted so I cannot use it - so wondering how to accomplish authenticating endpoint on my own.

1 answer

0 votes
Dario B Atlassian Team Nov 18, 2020

Hello @noah.damiani ,

Welcome to the Atlassian Community!

If you are not building an app or a connect add-on, and you just need to authenticate REST API calls against Jira (or Confluence) Cloud then you can either use basic authentication with an Atlassian account email address and API token or Oauth. For details see:

 

Now, since Test 1 is failing for you, can you kindly confirm the following:

  1. You have created the API token for your user by going to https://id.atlassian.com/manage/api-tokens
  2. You can successfully run your REST API call using curl as in below example:
    curl -u <EMAIL-ADDRESS>:<API-TOKEN> -D-"https://mycompany.jira.atlassian.net/rest/api/3/issue/ISSUE-123"

    In case above test fails please paste the output in your reply (making sure to remove the sensitive data).

 

Cheers,
Dario

Hi Dario,

I am also facing the same issue, I tried running below command

curl -u <emailid>:<token> -H "Accept: application/json" -H "Content-Type: application/json" -X GET https://<domain>/rest/api/2/issue/createmeta

 

I am getting this message

<meta name="application-name" content="JIRA" data-name="jira" data-version="8.5.6">
</head>
<body id="jira" class="aui-layout aui-style-default page-type-message" data-version="8.5.6" >
<div class="aui-page-panel"><div class="aui-page-panel-inner">
<section class="aui-page-panel-content">
<header class="aui-page-header"><div class="aui-page-header-inner">
<div class="aui-page-header-main">
<h1>Unauthorized (401)</h1>
</div><!-- .aui-page-header-main -->
</div><!-- .aui-page-header-inner --></header><!-- .aui-page-header -->
<div class="aui-message aui-message-warning warning">
<p>Encountered a <code>&quot;401 - Unauthorized&quot;</code> error while loading this page.</p>
<p>Basic Authentication Failure - Reason : AUTHENTICATED_FAILED</p>
<p><a href="/secure/MyJiraHome.jspa">Go to Jira home</a></p>
</div>
</section><!-- .aui-page-panel-content -->
</div><!-- .aui-page-panel-inner --></div><!-- .aui-page-panel -->
</body>
</html>

Dario B Atlassian Team Jun 23, 2021

Hello @Pratik Bhopi ,

Welcome to the Atlassian Community!

Please notice you are adding your reply to a question that was asked 1.5 years ago against Jira Cloud, while apparently you are using Jira Server 8.5.6.

Basic Authentication in Jira Server is done by using username and password instead of email address and api token.

For further details on this please refer to the documentation for Jira Server:

 

Cheers,
Dario

my bad, I was doing wrong method.

It worked with username and password

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you