JS hide auth details

Deleted user December 13, 2017
Hello,

When sending an auth request, e.g. retrieving a customfield id that's not on the page, I am required to perform an ajax request to the Jira REST API, providing the auth credentials. These credentials can be seen on the client side when viewing the page source code.

Is there a method to hide the auth credentials, or any ideas?

Many thanks in advance for the help,
Pon

1 answer

0 votes
miikhy
December 15, 2017

Hi,

Instead of sending auth credentials you might want to reuse the client's JSESSIONID (cookie), which won't expose people's credentials :)

Hope this helps!

Deleted user December 17, 2017

Thanks Micky!

I'm sorry, I'm quite new to using sessions (cookies).

Is there an example somewhere I can go off of for using cookies to get custom field values?

I really appreciate your help.

Thanks,

Pon

miikhy
December 18, 2017

On second thought, you should not need authentication if your script is executed in an authenticated context. User and password from the current session will be saved.

If you need to authenticate the AJAX with another user's credentials, you can use Basic Auth with AJAX as explained here: https://zinoui.com/blog/ajax-basic-authentication

That's a good way to "hide" credentials. I guess it's far better than generating a cookie and reusing it as you'll need to pass the credentials to generate a cookie anyway :)

Please note that Basic Auth is reversible and I can't imagine any "truly secure" way of authentication through ajax with no credentials displayed.

Hope this helps!
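
The session-cookie approach discussed in this thread, as an added example that is not part of the original posts or Atlassian's own code: a script running in a page served by Jira reads a custom field through the REST API and relies on the logged-in user's session cookie, so no credentials appear in the page source. The issue key `TEST-1`, the field id `customfield_10010` and the function names are constructed placeholders; it assumes the script runs on the same origin as Jira.

```javascript
// Added example: read a Jira custom field using the browser's existing session.
// No username, password or Authorization header appears anywhere in the script.

const ISSUE_KEY_RE = /^[A-Z][A-Z0-9_]*-\d+$/; // constructed sample: TEST-1
const FIELD_ID_RE = /^customfield_\d+$/;      // constructed sample: customfield_10010

// Build the request without sending it, so it can be inspected and tested.
function buildFieldRequest(issueKey, fieldId) {
  // Reject anything that is not a plain key/id so input cannot alter the path.
  if (!ISSUE_KEY_RE.test(issueKey)) throw new Error("invalid issue key");
  if (!FIELD_ID_RE.test(fieldId)) throw new Error("invalid field id");
  return {
    // Relative URL: the request goes to the Jira origin that served the page.
    url: "/rest/api/2/issue/" + encodeURIComponent(issueKey) +
         "?fields=" + encodeURIComponent(fieldId),
    options: {
      method: "GET",
      credentials: "same-origin", // browser attaches the session cookie itself
      headers: { Accept: "application/json" },
    },
  };
}

// Pull one field out of the issue JSON; undefined if it is absent.
function extractField(issueJson, fieldId) {
  const fields = issueJson && issueJson.fields;
  if (!fields || !(fieldId in fields)) return undefined;
  return fields[fieldId];
}

// fetchImpl is injectable so the function can be exercised without a network.
async function getCustomField(issueKey, fieldId, fetchImpl = fetch) {
  const { url, options } = buildFieldRequest(issueKey, fieldId);
  const res = await fetchImpl(url, options);
  if (res.status === 401 || res.status === 403) {
    throw new Error("not logged in, or no permission to view the issue");
  }
  if (!res.ok) throw new Error("Jira returned HTTP " + res.status);
  return extractField(await res.json(), fieldId);
}

// Browser usage: getCustomField("TEST-1", "customfield_10010").then(console.log);
```

The request succeeds only with the permissions of the user who is viewing the page, so the script cannot read issues that user could not open in Jira.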
