For example, your session cookies can be hijacked if handled improperly. The client can now set the cookie in the header for all subsequent requests to the Jira REST API.īefore you begin, please be aware that although cookie-based authentication has many benefits, such as performance (not having to make multiple authentication calls), it also has security risks.Jira returns a session object, which has information about the session including the session cookie.The client creates a new session for the user, via the Jira REST API.This is how cookie-based authentication works in Jira at a high level: In this tutorial, we will use cookie-based (session) authentication. Any authentication that works against Jira will work against the REST API. In most cases, the first step in using the Jira REST API is to authenticate a user account with your Jira site. Furthermore, if you log in and do not have permission to view something in Jira, you will not be able to view it using the Jira REST API either. This means that if you do not log in, you are accessing Jira anonymously. Jira's REST API is protected by the same restrictions which are provided via Jira's standard web interface. If you want to use the Node JS example, you'll need to know how to use Node.js.The basics of using and administering Jira.To complete this tutorial, you need to know the following: Building an integration without using Forge or Connect? If you're building an integration that doesn't use Forge or Connect, we recommend that you use OAuth 2.0 authorization code grants (3LO) for apps over other authentication methods, such as basic authentication and OAuth 1.0a.Building a Jira Cloud app using Connect? If you're building an app that uses Atlassian Connect, authentication is built into the Atlassian Connect libraries.Building a Jira Cloud app using Forge? If you're building a Jira Cloud app on Forge, see Security for Forge apps.Have you picked the right authentication method? This is one of three methods that you can use for authentication against the Jira REST API the other two being basic authentication and OAuth. This page shows you how to allow REST clients to authenticate themselves using cookies. See the deprecation notice for more information. We strongly recommend you use either of these authentication methods in place of cookie-based authentication. Jira Cloud has deprecated cookie-based authentication in favor ofīasic authentication with API tokens or OAuth. Cookie-based authentication is deprecated
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |