I'm looking to build an internal helper app using the Jira REST API. Basically to automate/make easier some things that are a pain in Jira (WHy you can't have either fixVersions or Components globally I do not understand!)
The docs are quite against using cookie-based auth with the REST API. However, my requirements are that:
I don't really see why cookie-based isn't actually the most secure here? As I see it the options are
Is there something I'm missing, or are the docs just missing this use case when they recommend not using cookie-based?
Know about their current Jira session so they don't need to re-authenticate would be best of course, but if I want that I guess I need to bit the bullet and write a proper plugin, isntead of a quick, external, helper app :)
I'm probably going to go ahead and implement with cookies, just wondering what if anything I've msised here.
Hi Adam, it seems like your question was based on Jira even though you mention confluence in the subject, so I'm answering it from a Jira point of view. I also see this is an older question but it was listed on the list of pending questions with out a response in the community, so here goes:
Another option that you may not have considered is using a service account in Jira to do the actions on the persons behalf. So, you'd create a local service account in Jira and give it only the access it needs to perform the actions it should do. We have a persona called "Jira Bot" that comments on issues, transitions them, etc. If you make a new issue on someone's behalf you can still put that person as the reporter even though Jira Bot did the actual work.
We like this method because each person doesn't have to share their credentials and it's really clear what work is being done by the bot and what is being done be the actual user.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.