Add support for Connect apps and OAuth 2/3 for Jira #649

Open
lukaszgryglicki opened this issue Apr 9, 2020 · 3 comments
Comments

@lukaszgryglicki
Contributor

Hi, Perceval only supports Jira backend either as an anonymous user (without providing any credentials at all) or basic auth (via username/password pair).

  • Anonymous access is often disabled on existing Jira instances.
  • Basic auth is only enabled on few Jira instances, most switched to either OAuth 2/3 or Connect Apps. Additionally, basic auth is not recommended, see here (REST API basic authentication is deprecated and will be removed in the future).

Connect apps is the newest and most recommended way of supporting authentication/authorization (it uses JWT tokens; the Linux Foundation also uses JWT tokens for its Linux Foundation ID (LFID) logins, and many LF projects' Jiras use this, for example ONAP, OPNFV and many more).

Documentation for connect apps is here and for OAuth is here and there.

This is an important improvement because the current state of Jira backend actually almost blocks Jira usage (it only works in anonymous mode or in deprecated basic auth mode which is usually disabled in most Jira instances).

@sduenas sduenas added the hacktoberfest-accepted Hacktoberfest tasks 2020 label Sep 30, 2020
@ooigavin

Hi, would love to give this a go as a first issue. Might need a bit of time to get familiar with the codebase.

@ooigavin

Hi, just wanted to clarify some things. From the Jira documentation I can see that password basic auth & cookie-based auth have been deprecated. The recommended method for Basic auth now is via API tokens.

While it is still better to use OAuth to authenticate the requests, currently for non-connect apps, the only grant type available is the code authorization type, which requires a browser. In the context of the Perceval CLI, this does not seem to make much sense to implement?

For connect apps, however, they do allow 2-legged OAuth via the use of a JWT. For the scope of this PR, is it alright if I add API tokens as a means of Basic auth for non-connect apps and use JWT for connect apps?


@ooigavin

** Apologies, after further reading I realised that there are some differences between apps hosted on Jira Cloud and apps self-hosted with Jira Server.

  • password basic auth is deprecated for Jira Cloud, API tokens are now the recommended method
  • API tokens are not enabled for Jira Server, and password basic auth is still the only way to perform auth without a browser

I am unclear if the current Jira backend aims to support both Jira Cloud & Server, would need some clarification on this, and perhaps what the scope for this issue should be.

@sduenas sduenas added enhancement jira and removed hacktoberfest-accepted Hacktoberfest tasks 2020 labels Oct 11, 2023
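
Added example, not part of the original thread and not Perceval code: a standard-library Python sketch of the two browser-less options discussed above, Basic auth (API token on Jira Cloud, password on Jira Server) and an HS256 JWT for a Connect app. The claim layout (`iss`, `iat`, `exp`, `qsh`) and the `JWT` header scheme follow the Atlassian Connect documentation as understood here and are not stated in the thread; the function names, app key and secret are hypothetical.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qsl, quote, urlsplit

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def basic_auth_header(user: str, secret: str) -> str:
    # Per the thread: secret is an API token on Jira Cloud, a password on Jira Server.
    return "Basic " + base64.b64encode(f"{user}:{secret}".encode()).decode("ascii")

def query_string_hash(method: str, url: str) -> str:
    # Connect "qsh" claim: SHA-256 over METHOD&path&sorted-query, so the token
    # is bound to one request. Assumes the base URL has no context path.
    parts = urlsplit(url)
    params = {}
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key != "jwt":  # the token itself is never part of the hash
            params.setdefault(quote(key, safe=""), []).append(quote(value, safe=""))
    query = "&".join(f"{k}={','.join(sorted(v))}" for k, v in sorted(params.items()))
    canonical = f"{method.upper()}&{parts.path.rstrip('/') or '/'}&{query}"
    return hashlib.sha256(canonical.encode()).hexdigest()

def _sign(signing_input: str, shared_secret: str) -> str:
    mac = hmac.new(shared_secret.encode(), signing_input.encode(), hashlib.sha256)
    return _b64url(mac.digest())

def connect_jwt_header(app_key, shared_secret, method, url, now=None, ttl=180):
    # HS256 JWT signed with the shared secret the app received at installation.
    now = int(time.time()) if now is None else now
    claims = {"iss": app_key, "iat": now, "exp": now + ttl,
              "qsh": query_string_hash(method, url)}
    parts = ({"typ": "JWT", "alg": "HS256"}, claims)
    signing_input = ".".join(
        _b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return f"JWT {signing_input}.{_sign(signing_input, shared_secret)}"

def verify_connect_jwt(header, shared_secret, method, url, now) -> bool:
    # Receiver-side check: the HMAC is always recomputed as HS256 (the token's
    # own "alg" is ignored), then expiry and request binding are enforced.
    scheme, _, token = header.partition(" ")
    pieces = token.split(".")
    if scheme != "JWT" or len(pieces) != 3:
        return False
    expected = _sign(".".join(pieces[:2]), shared_secret).encode()
    if not hmac.compare_digest(expected, pieces[2].encode()):
        return False
    padded = pieces[1] + "=" * (-len(pieces[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    return claims["exp"] > now and claims["qsh"] == query_string_hash(method, url)
```

Because of `qsh` and the short `exp`, a captured JWT cannot be replayed against a different endpoint or after expiry, whereas a Basic auth header stays valid for every request until the token or password is rotated.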