Вход в личный кабинет Authorization code
This flow lets you securely perform the OAuth exchange of client credentials for access tokens on public clients.
Authorization code with proof key for code exchange (pkce)
This flow lets you securely perform the OAuth exchange of client credentials for access tokens on public clients. The following steps and parameters describe our implementation of this flow.
Before you begin
You’ll need to configure JIRA and download the example client first. This example client uses the consumer key “hardcoded-consumer” and the public key is:
You have to create an Application Link as described in Step 1 above and use this consumer key and the public key and leave the callback URL field empty.
Download the attached jar files:
File
Modified
Java Archive rest-oauth-client-1.0-sources.jar
Sep 27, 2022 by Felix Schmitz [Atlassian]Preview$itemLabel$itemLabelPreview$itemLabel$itemLabelbrowse for filesUpload file File description Download All The rest-oauth-client-1.0.one-jar.jar contains the sample client and the rest-oauth-client-1.0-sources.jar contains the source code. Obtain a request token from JIRAExecute this command: Replace JIRA_BASE_URL with the URL to your JIRA instance.
After executing this command you should see a response like Go to the URL in system out and login into JIRA and approve the access. Afterwards JIRA will say that you have successfully authorised the access. It mentions a verification code which we need for the next step.
Configuring OAuth 2.0 for Google, Microsoft, or your own custom server
You first need to add OAuth 2.0 integration for your mail server to use. Next, you need to configure your mail server to use this integration.
Disabling Basic Authentication
Some providers such as Google and Microsoft are planning on disabling Basic Authentication. When they do, you will not be able to create issues and comments from email and your connection to the Gmail and/or Microsoft Exchange Online server will no longer be operational.
Example Java OAuth client
This example java code demonstrates how to write a client to make requests to JIRA’s rest endpoints using OAuth authentication.
To be able to use OAuth authentication the client application has to do the “OAuth dance” with JIRA. This dance consists of three parts.
Example response
3. To retrieve a new access_token, use the refresh_token parameter. Refresh tokens may be used even after the access_token itself expires. The following request: Invalidates the existing access_token and refresh_token.Sends new tokens in the response
Get an API token
Basic auth requires API tokens. You generate an API token for your Atlassian account and use
it to authenticate anywhere where you would have used a password. This enhances security because: you’re not saving your primary account password outside of where you authenticateyou can quickly revoke individual API tokens on a per-use basisAPI tokens will allow you to authenticate even if your Atlassian Cloud organization has two-factor
authentication or SAML enabled.See the Atlassian Cloud Support API tokens#!/home/jturner/src/redradish/nagios-jira-license/venv/bin/python3
# -*- coding: utf-8 -*-
import re
import sys
from jira.jirashell import get_config, JIRA
import requests
def getlicensecounts(options, jira):
url=options[‘server’] ‘/rest/plugins/applications/1.0/installed/jira-software’
response = requests.get(url, auth=jira._session.auth)
responsejson = response.json()
return (responsejson[‘accessDetails’][‘activeUserCount’], responsejson[‘accessDetails’][‘licensedUserCount’])
def main():
options, basic_auth, oauth = get_config()
jira = JIRA(options=options, oauth=oauth)
activecount, totalcount = getlicensecounts(options, jira)
print(f”Using {activecount} of {totalcount} license slots”)
if __name__ == ‘__main__’:
sys.exit(main())
4. Make an authentication request to a rest-end point
To make an authenticated request to a rest resource in JIRA execute this command:
Security recommendations
Here are some recommendations on how to improve security: