httr: authentication issue to access JIRA API

apis
httr
jira
#1

I am trying to access a JIRA API with httr in R and I am having authentication issues.
I am also using proxy at work, but I found this link (#417) very useful (thank you!), because I could solve the proxy authentication error (407),.. but now I have error 401.

I am using the following code:

library(httr)
library(jsonlite)

url_jira_ini<-"https://jira.host/jira/rest/auth/1/session"
url_jira<-"https://jira.host/jira/rest/api/2/long_name"

credentials<-"username:password"
credentials <- base64_enc(credentials)
header_auth <- paste0("Basic ",credentials)

GET(url_jira,
add_headers(Authorization = header_auth),
set_cookies( atlassian.xsrf.token = "long_cookie_1",
JSESSIONID = "long_cookie_2"),
authenticate(user = "myusername",password = "mypassword",type="basic"),use_proxy("proxy.host",8080,username="myusername",password="mypassword", auth="basic"),verbose(),accept_json())

But after that I am getting error 401. I have tried without adding add_headers and set_cookies, but it still gives the same error.

I have tried to modify the use_proxy username and password and gives proxy authentication error (407) when I am using the wrong username and password (401 if they are correct).

But if I modify the username and password in the authenticate section, when I use wrong password and username it still gives error 401 (if the use_proxy section is using the correct username and password). When I use the correct password and username in authenticate also gives error 401.

In the first lines of the verbose output, it says 200 connection established, but in the following lines it appears status 401.

I could access to the JIRA API successfully using Postman (not the latest official Postman release, but a beta version, Postman Canary, which allowed to configure proxy with authentication). To access with Postman I had to first send a POST to url_jira_ini (the authentication site), and after that it generates 2 cookies (atlassian.xsrf.token and JSESSIONID), then I could send a GET to url_jira (the JIRA API that I want to access), which is using basic authentication and the cookie JSESSIONID to access the JIRA API.

In Postman, I have to add the following line in the body (raw):

{"username": "myusername" , "password" : "mypassword" }

Would it be possible to add a body in httr, keeping exactly the same line above used in Postman?
I tried to create a body (list) with that line, but it gives error. Any suggestions?

In case it may be useful, to access the JIRA API in Postman Canary (after configuring the proxy for authentication), I followed the next steps:

  • Delete all cookies previously generated by JIRA.
  • In the Authorization section, add Authorization "BasicAuth", and include username and password.
  • In the Body section, select "Raw" and "JSON (application/json)". And in the Body add the following text:
    {"username": "myusername" , "password" : "mypassword" }
  • Send a POST to the JIRA API authentication (url_jira_ini)
  • Check if it gives 200, and that it gives a JSESSIONID in the cookies (token needed to access the JIRA API).
  • Send a GET to the JIRA API (url_jira)

What should I do to access the JIRA API with httr?
Should I add additional headers in httr?

Please let me know if you need more information.
I need to solve this issue as soon as possible.
Thank you.

0 Likes

#2

following Cross post policy (FAQ: Is it OK if I cross-post?), here is for reference the link toward the github issue posted

1 Like

#3

Thank you @cderv.
Sorry, I did not know the Cross post policy. I should have include the link toward the github issue posted.
I have posted this issue in the JIRA community:

Hopefully, someone will help me to solve this issue soon, so I can use httr to access the JIRA API.

0 Likes

#4

Roughly, the step you describe would mean in httr the following

authenticate("username", "password", type = "basic") (type basic is alreayd the default

You can send a json body and application type in header

POST(url, body = '{"username": "myusername" , "password" : "mypassword" }', content_type_json())

I never tried on JIRA and can't try but this is how i understand your POSTMAN description.

If you have a curl call or a working script in another language that could help.

0 Likes

#5

If I'm following correctly, you're using the Atlassian Cloud instance. If so, it's much easier if you use an API token. For a working example of interfacing with the JIRA api, you can check out my sprintr package. Not the most elegant of code, but it works. :slight_smile:

1 Like

#6

@cderv, in case it helps, I got the curl code from Postman.

This is the curl call for the POST part (I have replaced the real host name with "host", and my username and password with "my_username" and "my_password", respectively):

curl -X POST
https://jira.host/jira/rest/auth/1/session
-H 'Accept: /'
-H 'Authorization: Basic ZXgzNTI1NTE6bWluanVzcGFzczM='
-H 'Connection: keep-alive'
-H 'Content-Type: application/json'
-H 'Host: jira.host'
-H 'Postman-Token: 0923a27d-0a58-4d88-8049-438750faa662'
-H 'User-Agent: PostmanRuntime/7.11.0'
-H 'accept-encoding: gzip, deflate'
-H 'cache-control: no-cache'
-H 'content-length: 54'
-H 'cookie: atlassian.xsrf.token=BRCW-NVLG-38U6-MT8S|e3980394b74e5d076589eefc05d47cd3fb6dc5d2|lin; JSESSIONID=361540FCCD23C7DDB751E5DC38615992'
-b 'atlassian.xsrf.token=BRCW-NVLG-38U6-MT8S|e3980394b74e5d076589eefc05d47cd3fb6dc5d2|lin; JSESSIONID=361540FCCD23C7DDB751E5DC38615992'
-d '{"username": "my_username" , "password" : "my_password" }'

This is the curl call for the GET part:

curl -X GET
'https://jira.host/jira/rest/api/2/search?jql=reporter+%3D+currentUser()+ORDER+BY+created+DESC'
-H 'Accept: /'
-H 'Authorization: Basic ZXgzNTI1NTE6bWluanVzcGFzczM='
-H 'Connection: keep-alive'
-H 'Content-Type: application/json'
-H 'Host: jira.host'
-H 'Postman-Token: e648878f-0fc8-41d1-b52e-3b2820960b24'
-H 'User-Agent: PostmanRuntime/7.11.0'
-H 'accept-encoding: gzip, deflate'
-H 'cache-control: no-cache'
-H 'content-length: 54'
-H 'cookie: atlassian.xsrf.token=BRCW-NVLG-38U6-MT8S|a127a1d8ecac407bc5c28f3519f0fd219643c3e6|lout; JSESSIONID=3ABA3351FEF35497FE762EDCB2C7FE10'
-b 'atlassian.xsrf.token=BRCW-NVLG-38U6-MT8S|a127a1d8ecac407bc5c28f3519f0fd219643c3e6|lout; JSESSIONID=3ABA3351FEF35497FE762EDCB2C7FE10'
-d '{"username": "my_username" , "password" : "my_password" }'

What do you suggest to do to access the JIRA API with httr (in a similar way to Postman)?

0 Likes

#7

@davidski. Thank you, I am very interested in the sprintr package.

I am not using Atlassian Cloud (Atlassian Server). Is it still possible to use the sprintr package without using Atlassian Cloud?
In case I can still use the sprintr package, could you provide an example and/or additional documents?

0 Likes

#8

Yup! You can totally connect to a hosted or on prem version with sprintr. See this section of the readme: https://github.com/davidski/sprintr#jira-server-authentication

0 Likes

#9

Thank you.
I have installed sprintr, and I tried to follow the example provided in the usage section but it does not work.
I have set the variables:

JIRA_API_URL="jira_url"
JIRA_USER="my_username"
JIRA_TOKEN="my_password"

To acces JIRA with basic authentication, I need my username, password, and additional cookies (JSESSIONID).
How can I access my JIRA url with sprintr?
Can you provide an example?

Thank you.

0 Likes

#10

To clarify, the three JIRA_ variables referenced are system environment variables (as set by something like Sys.setenv() and typically entered into .Renviron). Just in case you were setting regular R variables by accident. :slight_smile: If you were setting environment variables, please open an issue up on the sprintr issues page with the details of your set up and the error produced.

I will add that I strongly discourage username/password setups like this as this is using HTTP Basic Auth and is not a secure solution. That said, this does work on the local instance of Jira Server I have access to without setting the JSESSIONID cookie. A previous version (https://github.com/davidski/sprintr/blob/3e711bedb1856779d5ff01d84d73a29bce648323/README.md#jira-server-authentication) did use the JSESSION hack to get this to work, but that was a truly awful solution that I no longer support. :stuck_out_tongue_winking_eye:

TL;DR - Use Oauth support if at all possible. Username/Password support is believed to be working without JSESSION hacks. If the later is not accurate, please open an issue on GitHub and we can try to sort it out there!

0 Likes

#11

Thank you. I will open an issue on GitHub, and hopefully we can sort it out there. :slight_smile:

0 Likes