I am not able to authenticate /rest/auth/1/session using Personal Access Token.

Jeevitha February 9, 2025

Hi Team,

 

I am not able to authenticate /rest/auth/1/session using Personal Access Token after upgrading JIRA Datacenter to 10.3.2.

Here's the snippet which I have tried:

curl --location --request POST 'https://jira-dev.cox.com/rest/auth/1/session?Content-Type=application%2Fjson&accept=application%2Fjson' \
  --header 'Authorization: Bearer MjAzOTY1MjM4NDUyOtDq3Y/qCrXPiI/A6dSpjrmdbQsE' \
  --header 'Cookie: NSC_kjsb-efw.dpy*443=ffffffff0948294545525d5f4f58455e445a4a42378b' \
  --data ''

 

And I am getting the following 403 Forbidden error:

 

{
    "message": "The request was rejected due to two-step verification being enabled on your instance."
}

 

I have already followed the steps outlined in the link https://jira.atlassian.com/browse/JRASERVER-78353.

According to the workaround mentioned in the ticket, I am attempting to use a Personal Access Token mentioned above to authenticate the API endpoint, but it’s not working.

 

 

Also, we don't want to revert to the legacy login form (pre-10.2 behaviour) by adding the JVM parameter due to security concerns.

2 answers

0 votes
Vishal Biyani
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 10, 2025
David Bakkers
Rising Star
February 10, 2025

Is that a link to the first result returned from the Google search?

0 votes
David Bakkers
Rising Star
February 10, 2025

Hello @jeevitha 

  1. Go to Google.com
  2. Type in "Jira data center rest api The request was rejected due to two-step verification being enabled on your instance"
  3. Click on the 'Google search' button.
  4. From the search results, click on the first result
  5. That is the existing Bug report that was logged for that problem a month ago. It also contains a description of the solution that has already been provided for that problem.

Google is fantastic. You should try it!

Jeevitha February 10, 2025

Hi @David Bakkers,

Thank you for the suggestion.

I have already followed the steps outlined and checked the link https://jira.atlassian.com/browse/JRASERVER-78353.

According to the workaround mentioned in the ticket, I am attempting to use a Personal Access Token mentioned above to authenticate the API endpoint, but it’s not working.

Could you please assist me with this?

Also, we don't want to revert to the legacy login form (pre-10.2 behaviour) by adding the JVM parameter due to security concerns.

David Bakkers
Rising Star
February 10, 2025

"I am attempting to use a Personal Access Token"

No you're not. You're using a SESSION COOKIE to access the SESSION COOKIE auth endpoint.

I can see it, right there, in your cURL request:

  1. https://jira-dev.cox.com/rest/auth/1/SESSION?
  2. --header 'COOKIE: <blah>'

"Also, we don't want to revert back to legacy login form (pre-10.2 behaviour) by adding the JVM parameter due to security concerns."

Well, then you can't have the solution to your particular problem.

This is the same issue as described in this thread a few days ago. Jira 10.2 increased security for Session Cookies. If you want to persist with using them for accessing the REST API, then you must revert to the legacy, non two-step authentication for browser sessions.

I recommend that you liaise with your organization's IT department who can explain it to you in more detail, and also show you how to correctly use Basic Auth with PATs.
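
An added example, not part of the thread and not Atlassian's code: a Python check that flags the session endpoint and Cookie header called out in the reply above, plus the header names placed in the query string of the original request, and a builder for a stateless, token-only request. The host `jira.example.invalid`, the `JIRA_PAT` environment variable, the function names and the choice of `/rest/api/2/myself` as the target resource are assumptions; the Bearer scheme follows the original request.

```python
import os
import urllib.request
from urllib.parse import urlsplit, parse_qs

SESSION_PATH = "/rest/auth/1/session"  # cookie-session endpoint named in the thread
HEADER_NAMES = {"content-type", "accept", "authorization", "cookie"}

def audit_request(url, headers):
    """List the ways a request leans on session-cookie auth or misplaces headers."""
    findings = []
    parts = urlsplit(url)
    lowered = {k.lower(): v for k, v in headers.items()}
    if parts.path.rstrip("/").lower().endswith(SESSION_PATH):
        findings.append("targets the session-cookie endpoint " + SESSION_PATH)
    if "cookie" in lowered:
        findings.append("sends a Cookie header alongside the token")
    misplaced = sorted(k for k in parse_qs(parts.query) if k.lower() in HEADER_NAMES)
    if misplaced:
        findings.append("header names passed as query parameters: " + ", ".join(misplaced))
    if not lowered.get("authorization", "").startswith("Bearer "):
        findings.append("no Bearer token in the Authorization header")
    return findings

def build_pat_request(base_url, token, resource="/rest/api/2/myself"):
    """Build a GET for a REST resource that is authenticated by the token only."""
    url = base_url.rstrip("/") + resource
    headers = {"Authorization": "Bearer " + token, "Accept": "application/json"}
    problems = audit_request(url, headers)
    if problems:
        raise ValueError("; ".join(problems))
    # No cookie jar and no Cookie header: each call stands on the token alone.
    return urllib.request.Request(url, headers=headers, method="GET")

if __name__ == "__main__":
    # Constructed host; the token is read from the environment so it never
    # ends up in shell history, a script, or a pasted command.
    req = build_pat_request("https://jira.example.invalid",
                            os.environ.get("JIRA_PAT", "constructed-token"))
    print(req.get_method(), req.full_url, sorted(req.headers))
```

The builder only constructs the request; passing the result to `urllib.request.urlopen` sends it.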
