Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Login with API token returns 401 #148

Closed
catskul opened this issue Mar 7, 2018 · 8 comments
Closed

Login with API token returns 401 #148

catskul opened this issue Mar 7, 2018 · 8 comments

Comments

@catskul
Copy link
Contributor

catskul commented Mar 7, 2018

Using API token since I otherwise have 2FA enabled, and it does not appear to work.

Same credentials do work via jira-cmd.js project.

(Have tried normal password and also doesn't work)

? Jira Password [[email protected]]:  ****....***********
DEBUG POST https://REDACTED.atlassian.net/rest/auth/1/session
DEBUG Request: POST /rest/auth/1/session HTTP/1.1
Host: REDACTED.atlassian.net
Content-Type: application/json

{"password":"REDACTED","username":"[email protected]"}
DEBUG Cookie: atlassian.xsrf.token=REDACTED|REDACTED|lout; jsd.portal.language.anonymous=en-UK
DEBUG Response: HTTP/2.0 401 Unauthorized
Connection: close
Atl-Vtm-Backend-Time: 321
Atl-Vtm-Queue-Time: 0
Atl-Vtm-Time: 328
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Date: Wed, 07 Mar 2018 02:31:06 GMT
Server: Atlassian Proxy/0.1.195
Strict-Transport-Security: max-age=315360000; includeSubDomains; preload
Www-Authenticate: JIRA REST POST
Www-Authenticate: OAuth realm="https%3A%2F%REDACTED.atlassian.net"
X-Arequestid: REDACTED
X-Ausername: anonymous
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{"errorMessages":["You are not authenticated. Authentication required to perform this operation."],"errors":{}}
@coryb
Copy link
Contributor

coryb commented Mar 7, 2018

Yeah, it looks like the api tokens don't work with the /rest/auth/1/session endpoint go-jira uses, I will have to update it.

@coryb
Copy link
Contributor

coryb commented Mar 7, 2018

A super hacky way to get around this is to just embed it in the basic auth for the endpoint so:

endpoint: https://user%40domain.org:<api-token>@domain.atlassian.net

Where the %40 is the uri encoding of @ for the user email address.

@catskul
Copy link
Contributor Author

catskul commented Mar 7, 2018
edited
Loading

I can confirm that the work-around does work, but If I can help it I'd like to avoid leaving my API key in the config text file for the expected reasons.

I'd offer to put in the work to make the change myself, but I have 0 experience with go so would probably be an empty offer : /

@coryb
Copy link
Contributor

coryb commented Mar 7, 2018

Yeah, that is an insecure gross hack, I am trying to come up with something better, but will probably take a few days.

@coryb
Copy link
Contributor

coryb commented Mar 8, 2018

I do have some code for this working but I am trying to sort out integration test issues now (api keys for go-jira.atlassian.net dont seem to work for my test users, not sure why yet).

-Cory

coryb added a commit that referenced this issue Mar 8, 2018
@coryb
[#148] [#149] add support for api token based authentication
edb0662
@coryb
Copy link
Contributor

coryb commented Mar 8, 2018

This should work now. I have updated the docs for how to use api-tokens:
https://github.com/Netflix-Skunkworks/go-jira#authentication

@coryb
Copy link
Contributor

coryb commented Mar 8, 2018

released: https://github.com/Netflix-Skunkworks/go-jira/releases/tag/v1.0.15

@coryb coryb closed this as completed Mar 8, 2018
@catskul
Copy link
Contributor Author

catskul commented Mar 8, 2018

Horray! Thanks!

@hagna hagna mentioned this issue Mar 9, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@coryb @catskul