JIRA REST Service returns 403 Forbidden

JayD December 24, 2013

Hello,

We have JIRA running on HTTPS with Basic Authentication disabled. The problem we are facing is peculiar.

Whenever we try to access an issue through RESTClient for example "https://jira.ourhost.com/rest/api/2/issue/EG-123" and through the browser we are logged into Jira UI, the RESTClient successfully returns us the information.

But in case we log out from the JIRA UI in the browser (and clear the cache/session), the same URL returns 403 Forbidden (from the RESTClient).

The problem persists even if we append os_authType=basic at the end and set the Basic Authentication credentials in the RESTClient. Here even the authentication challenge is not thrown.

If the basic authentication is disabled, then what mode would JIRA be running on? Is there any specific reason such a scenario is occurring?

Any input is appreciated.

Thank You.

3 answers

1 accepted

1 vote
Answer accepted
Aseem Parikh
Rising Star
December 24, 2013

Since basic auth is disabled, it makes sense that you'd get a 403 without an auth challenge. If you have no intent or desire to enable basic auth, then you should use OAuth instead.

https://developer.atlassian.com/display/JIRADEV/JIRA+REST+API+Example+-+OAuth+authentication

JayD December 29, 2013

Hi, thank you for the comment. Well yes, due to security reasons the basic auth isn't going to be enabled. Hence, I guess OAuth does seem a suitable succession.

0 votes
JayD December 29, 2013

Hmm.. that makes sense. The flag might only challenge for Basic Auth, hence might not be working in our case.

0 votes
Taiwo Akindele
Atlassian Team
December 24, 2013

Not exactly sure what the issue is in this case in particular, but the 403 response would usually imply that though you're able to authenticate, there is limited permission to perform the action or the authentication is not allowed for some other reason.

In this case you are able to access the issue when logged in through the browser, so no permission issues in question.

I thought you required basic authentication to be enabled to make this work though.
