Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat/improve api tokens #269

Closed
wants to merge 2 commits into from
Closed

Feat/improve api tokens #269

wants to merge 2 commits into from

Conversation

jonathanverner
Copy link

This pull requests contains two improvements to API TOKEN handling:

  1. The first improvement (commit 957284f) allows reading the api token from an external command
  2. The second improvement allows using PAT tokens with an on-premise (local) jira server

@jonathanverner
Allow reading token from the config file, env variable & command output.
45a70be 
Some users might prefer to keep their passwords/api_tokens in a keychain
so as not to expose them unencrypted in an ENV variable or a config
file.

This commit introduces an `api_token_cmd` config key (and a
corresponding `JIRA_API_TOKEN_CMD` environment variable) which,
if set, specifies a command to run whose output will provide the value
of the api token.

This can be set to, e.g.,

`kwallet-query -r my.jira.server.com kdewallet`

for the KDE KWallet, or an appropriate command for other keychains or
password managers.

See also Issue ankitpokhrel#247.
@jonathanverner
Use bearer header authorization for PAT tokens.
b3fa28e 
It seems PAT tokens (for on-premise JIRA servers) don't use basic auth
but rather set the Authorization header to "Bearer " + token.

See ankitpokhrel#268.
ankitpokhrel
ankitpokhrel reviewed Jan 16, 2022
View reviewed changes
Copy link
Owner

@ankitpokhrel ankitpokhrel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @jonathanverner, Thank you for working on this 🙏🏻

I added a few comments and I think the implementation can be simplified a bit. Let me know what you think.

pkg/jira/client.go
@@ -222,7 +225,11 @@ func (c *Client) request(ctx context.Context, method, endpoint string, body []by
req.Header.Set(k, v)
}

req.SetBasicAuth(c.login, c.token)
if c.bearer {
req.Header.Set("Authorization", "Bearer "+c.token[4:])
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

c.token[4:] Why do we need to ignore initial bytes in the token?

api/client.go
return viper.GetString("api_token_pat_cmd"), true, true
default:
return "", false, false
}
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking if we can do this a bit differently.

  • It might be better to use same JIRA_API_TOKEN env for both basic and bearer auth. The common usecase would be either to use basic or bearer.
  • A new env JIRA_AUTH_TYPE which could specify whether it is a bearer or basic auth (basic by default).
  • A new env JIRA_AUTH_CMD which will be invoked to get the token if it is set.

Also, I wouldn't add tokens directly in the config file. One of the idea behind config file for me was also to be able to share it with colleagues or commit it in vcs and storing tokens in the config defeats that purpose.

@ankitpokhrel
Copy link
Owner

Closing due to inactivity. The branch has diverged a bit and some part of this PR is done in #327. Please feel free to comment or open a new PR for further discussion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ankitpokhrel ankitpokhrel ankitpokhrel left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jonathanverner @ankitpokhrel