GitHub Authentication token to use in Jira automation rule

sunny-gitdev June 12, 2024

 

Hi Team,

 

I have set up the following integration that links all GitHub organization repositories to JIRA.

https://support.atlassian.com/jira-cloud-administration/docs/integrate-with-github/

 

I am currently working on setting up a simple web request in the JIRA automation to trigger a GitHub actions workflow. I want to avoid using a Personal Access Token (PAT) from GitHub in the web request.

AFAIK, tokens in GitHub have a short lifespan, and using a PAT/classic token for a production workflow is not recommended.

 

Is there an alternative authorization token I can see? Can I utilize any other type of token from GitHub within the JIRA automation, or is there another method for making REST API calls from a JIRA automation web request?

 

Thank you! 

1 answer

0 votes
baban kumar June 13, 2024

Hi Sunny 

Were you able to generate the GitHub App token at runtime in the web request?

I am also struggling with the same issue, where we do not want to use a PAT while calling a GitHub action from a Jira web request.

Gaurav Yadav June 26, 2024

+1

sunny-gitdev June 27, 2024

Hi @baban kumar and @Gaurav Yadav,

 

Currently, there is no direct way in Atlassian to generate a runtime GitHub App token in a JIRA web request. An alternative solution would be to send a request to Lambda and let Lambda handle the authentication part with GitHub, though this would add additional latency, and complexity may vary based on your use cases.

 

However, I have found a way to use a Personal Access Token (PAT) in JIRA automation. There are three possible ways:

1) When creating a PAT for your existing user, you can either set a custom expiry date far away in the future for fine-grained tokens, or for classic tokens, set no expiration date at all. GitHub strongly recommends that you set an expiration date for your token to help keep your information secure.

 

2) FYI - I have tested my case with my GitHub user PAT in JIRA automation and it's working as expected, and further I will be using the following way to prevent my user PAT from being used in production:

 - You can create a service/machine user account (a brand new user account on GitHub.com); however, an organization administrator will need to invite the account into the organization, either as an outside collaborator on an organization repository (granting read, write, or admin access), or to a team with access to the repositories it needs to automate (granting the permissions of the team).

 

3) By creating an OAuth App and authorizing the OAuth App using the device flow, you can generate a long-lived token that doesn't have to be re-generated (with no expiry as far as GitHub can see) to use with JIRA.
 
Please note that:

  • This will require a machine user (or a normal user) to authorize the OAuth App.
  • The Create a workflow dispatch event API endpoint requires that the OAuth App token has the repo scope.

 

I hope this information helps in your use case.

 

 

Thanks,

Sunny 
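
The Lambda option mentioned in the reply above, as an added example (not code from any poster, Atlassian or GitHub): Jira holds only a broker secret, and the broker validates the request against an allowlist before it mints a GitHub credential and calls the workflow dispatch endpoint. Assumptions: the names `handle`, `build_dispatch`, `ALLOWED` and the `x-broker-secret` header are hypothetical, header keys arrive lowercased, and `mint_token` is a caller-supplied function returning a short-lived token (for example a GitHub App installation token).

```python
import hmac
import json
import re
from urllib.request import Request, urlopen

# Constructed allowlist: (owner, repo) -> workflow files Jira may trigger.
ALLOWED = {("example-org", "example-repo"): {"deploy.yml"}}
REF_RE = re.compile(r"[A-Za-z0-9._/-]{1,100}")
API = "https://api.github.com"


def build_dispatch(payload, mint_token) -> Request:
    """Validate Jira's payload, then mint a token and build the dispatch call."""
    owner, repo = payload.get("owner"), payload.get("repo")
    workflow, ref = payload.get("workflow"), payload.get("ref", "main")
    if workflow not in ALLOWED.get((owner, repo), ()):
        raise PermissionError("repository/workflow not allowlisted")
    if not isinstance(ref, str) or not REF_RE.fullmatch(ref) or ".." in ref:
        raise ValueError("invalid ref")
    inputs = payload.get("inputs", {})
    if not isinstance(inputs, dict) or not all(
            isinstance(v, str) for v in inputs.values()):
        raise ValueError("inputs must be a flat object of strings")
    url = f"{API}/repos/{owner}/{repo}/actions/workflows/{workflow}/dispatches"
    data = json.dumps({"ref": ref, "inputs": inputs}).encode()
    # The token is minted only after every check has passed.
    return Request(url, data=data, method="POST", headers={
        "Authorization": f"Bearer {mint_token()}",
        "Accept": "application/vnd.github+json",
        "Content-Type": "application/json",
    })


def handle(headers, body, broker_secret, mint_token, send=urlopen) -> int:
    """Broker entry point: returns the HTTP status to give back to Jira."""
    presented = headers.get("x-broker-secret", "")
    # Constant-time comparison of the secret set in the Jira rule's header.
    if not hmac.compare_digest(presented.encode(), broker_secret.encode()):
        return 401
    try:
        req = build_dispatch(json.loads(body), mint_token)
    except PermissionError:
        return 403
    except (ValueError, TypeError, AttributeError):
        return 400  # malformed JSON, wrong types, or a non-object body
    send(req, timeout=10)
    return 202
```

If the broker secret leaks from the Jira rule, it can only trigger the allowlisted workflows; it is not a GitHub credential with the repo scope.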

 
