JIRA api using Oauth1.0 with SHA256 hashing method

Ahmad March 28, 2019

Is there is a way to call jira api using Oauth1.0 with SHA256 hashing method. I already try using SHA1 and it's works. However, when I use SHA256 hashing method I got message [oauthproblem=token_rejected].
We need to use SHA256 because it looks like SHA1 is known to be vulnerable to collision attacks. Is it something need to be configured in JIRA to call the api using Oauth1.0 with SHA256 hashing algorithm?

1 answer

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

0 votes
Stephen Sifers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 3, 2019

Hello Ahmad,

Jira server and DC support Oath with SHA1, as you stated. The cloud side products can support SHA256 for Oauth, but this will not be available to you since you’re running Datacenter.

With this said, security and encryption is always a must have and your idea to use SHA256 on the server products should be submitted as a feature request. If you would, could you please create a feature request at Create Feature Request? When you’re creating your issue, ensure you select suggestion (This means feature request). Once you have your request submitted, please paste the link to the issue here so others may find it.

Regards,
Stephen Sifers