
Using Cookie based auth in JIRA's REST API

thomasharvey March 18, 2013

I'm looking to replace the use of basic auth for a cookie based auth in one of my Google Apps Scripts - there are requests in a loop and I'm making way too many basic auth requests to be healthy. I can get the Cookie information:

["JSESSIONID=0F8028217C13F800D4BF8DC39039CECB; Path=/; HttpOnly", "atlassian.xsrf.token=BGEC-SXY8-GZJS-KSG2|14ea1fe89392c0e5c8345642b124d0af56e059b3|lout; Path=/", "crowd.token_key=\"\"; Domain=.example.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly", "crowd.token_key=p4nxzZ7IEoq8FO4gbhNEIw00; Domain=.example.com; Path=/; Secure; HttpOnly"]

and I think I'm sending that back in the header of my subsequent requests, but I still get a 401.

* Should I be sending the whole cookie array?

* Why do I have "Expires=Thu, 01-Jan-1970 00:00:10" in there?

The header being passed in looks like this:

({cookie:["JSESSIONID=FC8EC06AB4C02C6C2801EAE1F29799E1; Path=/; HttpOnly", "atlassian.xsrf.token=BGEC-SXY8-GZJS-KSG2|7e80e224abe5f460e3789e2c5316eb7b23c10173|lout; Path=/", "crowd.token_key=\"\"; Domain=.example.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly", "crowd.token_key=p4nxzZ7IEoq8FO4gbhNEIw00; Domain=.example.com; Path=/; Secure; HttpOnly"]})

* Do I need fuller headers for Jira to accept the request?

My Jira application is handing off to crowd for auth, as seen in the crowd tokens.

Any help with this is much appreciated!

3 answers


1 vote
Answer accepted
Diaphel Thompson April 8, 2013

I got it working by passing the following through (JavaScript). The payload must be passed through here as well if you want to query or edit Jira tickets via the API:

({headers:{Cookie:"crowd.token_key=TTiGG72Unkyfu09Keax6Xw00; atlassian.xsrf.token=BGEC-SXY8-GZJS-KSG2|399d85922ef29a9ca8a77d5618d1cb5f9e2eaecb|lout; JSESSIONID=B59EEDA976328EFBDD81255A0F475DE0"},
payload:"{\"jql\":\" // etc etc (your query) }
contentType:"application/json", method:"post"})
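
How the Set-Cookie array from the question reduces to a single Cookie header of the shape shown in the accepted answer, as an added example that is not part of any post in this thread: only each cookie's name=value pair is sent back, attributes such as Path and HttpOnly are dropped, and an entry whose Expires date is already in the past is a deletion and is skipped. `buildCookieHeader` and `isExpired` are hypothetical helper names, not Jira or Apps Script APIs.

```javascript
// Added example. SAMPLE is the Set-Cookie array quoted in the question above.
const SAMPLE = [
  'JSESSIONID=0F8028217C13F800D4BF8DC39039CECB; Path=/; HttpOnly',
  'atlassian.xsrf.token=BGEC-SXY8-GZJS-KSG2|14ea1fe89392c0e5c8345642b124d0af56e059b3|lout; Path=/',
  'crowd.token_key=""; Domain=.example.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly',
  'crowd.token_key=p4nxzZ7IEoq8FO4gbhNEIw00; Domain=.example.com; Path=/; Secure; HttpOnly'
];

// True when the attributes mark the cookie as already expired (the server is deleting it).
function isExpired(attrs, now) {
  return attrs.some(function (attr) {
    const eq = attr.indexOf('=');
    if (eq < 0) return false;                       // flag attribute such as HttpOnly
    const key = attr.slice(0, eq).trim().toLowerCase();
    const val = attr.slice(eq + 1).trim();
    if (key === 'max-age') return parseInt(val, 10) <= 0;
    if (key !== 'expires') return false;
    // Old-style "01-Jan-1970" dates: swap the hyphens for spaces before parsing.
    const when = Date.parse(val.replace(/(\d)-([A-Za-z]{3})-(\d)/, '$1 $2 $3'));
    return !isNaN(when) && when <= now.getTime();
  });
}

// Reduce Set-Cookie response headers to the single Cookie request header value.
function buildCookieHeader(setCookieHeaders, now) {
  now = now || new Date();
  const jar = {};                                   // name -> value, later headers win
  setCookieHeaders.forEach(function (line) {
    const parts = line.split(';');
    const pair = parts.shift();
    const eq = pair.indexOf('=');
    if (eq < 1) return;                             // no cookie name, skip
    const name = pair.slice(0, eq).trim();
    if (isExpired(parts, now)) delete jar[name];    // a deletion, never send it back
    else jar[name] = pair.slice(eq + 1).trim();
  });
  return Object.keys(jar).map(function (n) { return n + '=' + jar[n]; }).join('; ');
}

console.log(buildCookieHeader(SAMPLE));
```

The returned string is what goes in the `Cookie` entry of the request headers; session cookies built this way carry the same access as the login that produced them, so keep them out of logs and shared script properties.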

2 votes
JamieA
March 18, 2013

Just sending JSESSIONID works for me, e.g.:

wget --header="Cookie: JSESSIONID=9975ACFD4C05998E2F72FA2D8AB9AEF9" http://.../jira/rest/

> Why do I have "Expires=Thu, 01-Jan-1970 00:00:10" in there?

IIRC that instructs the browser that it's a session-only cookie.
2 votes
John Burns
March 18, 2013

I don't know how much this helps, but in my Java app, I use the Apache Http Client. When I analyze the traffic from it, I can see that I send the following cookie data in the request header:

Cookie: JSESSIONID=9B5B6368EA6FDF4D767E0ABA5B818010; atlassian.xsrf.token=BW9V-8CUP-BCG3-MPMB|b1e2841e7a26d7393396733854dce73caeaecce7|lin

Cookie2: $Version=1

I am not using crowd.
