Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,296,045
Community Members
 
Community Events
165
Community Groups

HTTPBasic token authentication for JIRA server?

Edited

My company uses JIRA server 8.20.7.  I have API tokens created using our web interface.

I've connected to REST API using OAuth + token, and I've also connected using HTTPBasic + password.

Is it possible to connect using HTPPBasic + token for JIRA server instances?  JIRA Cloud supports HTTPBasic authentication with token by replacing your password with the token string.  Does JIRA Server support this too?

If so, can someone provide a curl example?

1 answer

Why would you want to combine them? You only need one. They're headers, nothing stops you from supplying both in any HTTP request, but there is no need for it. Preferably of course you would want to use tokens as basic authentication has more downsides to it.

Thanks @Radek Dostál .  I'm not sure why the intent is relevant here.

Jira Cloud supports "HTTPBasic+token" authentication by replacing your password with your token string.  This implementation is more secure and flexible than using passwords.  My question is whether JIRA server supports this too.

We have Python scripts and libraries that connect with other REST APIs using "HTTPBasic+token", so I'd like to use those libraries for connecting with JIRA instead of writing new libraries.

Oh, my bad then - wasn't familiar with "username:token" with Cloud.

 

On server I know that -u user:pwd represents Basic (because Server did not have any REST/API tokens until recently, Cloud is somewhat ahead in that regard).

Instead of the user parameter, a header can be used in the way I mentioned earlier -H 'Authorization: Basic <base64creds>' (again, using username:pwd).

And since I 8.14 personal access tokens (PAT) were added and are used as a header also, -H 'Authorization: Bearer <token>'.

 

Quick check around I don't see any username:token option for server either. I suppose I don't quite see the need for a username, when the token itself is enough - Jira knows that token belongs to the username so in a sense, providing the username would be redundant. I've used OAuth, basic, PAT, cookie, but I never came across any basic+token combination on Server, nor do I see any documentation page about it.

Then again, wrapping everything up, if you do have a token, then you don't need the username, Jira knows the account it belongs to.

-H 'Authorization: Bearer <token>'

That header represents Oauth token-based authentication.  I don't know if the other API services we connect to all support Oauth.  But I do know they all support HTTPBasic+token.  Azure DevOps is one of them.  JIRA cloud too.

https://docs.atlassian.com/software/jira/docs/api/REST/8.20.7/

According to that documentation, our version of JIRA server supports Oauth and HTTPBasic.  And I have proven to myself that tokens work with Oauth on our server instance.  I just haven't been able to get tokens to work with HTTPBasic.  I'm trying to figure out if the feature is not supported in Server, if my syntax is wrong, or if HTTPBasic+token needs to be enabled in the server config (which I don't have access to see).

I honestly don't follow what you are trying to chase here. You seem to be creating a non-existing problem by trying to combine 2 different authentication methods. PAT is not a password substitute, it's the entire header value all by it's own.

Whatever you're trying to solve should be that py library, it should support both basic and PAT.

I guess I don't see what's complicated...  Both Azure DevOps and Jira Cloud allow users to authenticate by replacing their password with thei API token string.  I want to understand if Jira Server supports the same functionality.

I know that there are other ways to authenticate with API tokens.  My preference is to keep our internal Python libraries consistent, and only switch to a different authentication mode for Jira Server if absolutely required.

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you