atlassian_{confluence,jira}: clarify API authentication #3693
Conversation
efd6
added
bug
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
🤖 GitHub commentsTo re-run your PR in the CI, just comment with:
|
🌐 Coverage report
|
There was a problem hiding this comment.
I was reviewing the README to see if there were any additional changes that could help. I noticed something that makes me question the original intent of the "Personal Access Token". It says
JIRA Cloud only supports Basic Auth using username and a Personal Access Token.
That makes me think the "Personal Access Token" was intended for use with Atlassian Cloud. If that's the case then perhaps we can just fully remove the "Personal Access Token" and only support Basic Auth for both self-hosted Jira and Atlassian Cloud.
@legoguy1000 Do you recall the intent behind the "Personal Access Token"? Was that for the Atlassian Cloud case?
|
So if I recall everything from my testing, the self hosted confluence and JIRA support basic auth with user/password OR Bearer auth header with a PAT. Cloud versions only supported basic auth with email/token. When I updated the integrations to support cloud, I let the basic auth option for either and Auth header only for self hosted. |
|
Is there a decision on this? |
Yeah, it looks to be true that a PAT can be used with self-hosted JIRA via a So I think we should clarify the readme by
In UI description of the "Personal Access Token" I think it should mention that this is only for self-hosted JIRA (or not for Atlassian Cloud). This will help steer users toward the correct fields if the don't read the README. |
|
I would make it clear that the PAT in the Auth header is only for self
hosted. U CAN use a PAT with ur username in Basic auth for cloud.
…On Mon, Jul 25, 2022 at 8:42 AM Andrew Kroh ***@***.***> wrote:
the self hosted confluence and JIRA support basic auth with user/password
OR Bearer auth header with a PAT
Yeah, it looks to be true that a PAT can be used with self-hosted JIRA via
a Authentication: Bearer <pat> header.
https://developer.atlassian.com/server/jira/platform/rest-apis/
So I think we should clarify the readme by
- stating the two options for authenticating to "self-hosted" JIRA,
- stating that only basic auth can be used to Atlassian Cloud (mention
the specific field names from the UI),
- and adding links to Atlassian documentation like
-
https://developer.atlassian.com/server/jira/platform/basic-authentication/
-
https://confluence.atlassian.com/enterprise/using-personal-access-tokens-1026032365.html
-
https://developer.atlassian.com/cloud/jira/platform/basic-auth-for-rest-apis/
In UI description of the "Personal Access Token" I think it should mention
that this is only for self-hosted JIRA (or not for Atlassian Cloud). This
will help steer users toward the correct fields if the don't read the
README.
—
Reply to this email directly, view it on GitHub
<#3693 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ADEEL4HRE62CDKTTA4NYPX3VV2KWBANCNFSM53M3ASZA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
IMO if we removed the abstraction from the UI / manifest.yml then determining what options to set based on use case gets simpler. Like if the UI had three config field, Basic Auth Username, Basic Auth Password, and Bearer Authentication Header then when I'm reading the Atlassian documentation I have a straight forward way to map things into our UI. The descriptions of the fields can still be there to guide users as to what to enter based on whether that are connecting to Jira Server (self-hosted) or Atlassian Cloud. |
| ## Logs | ||
|
|
||
| ### Audit | ||
| z### Audit |
There was a problem hiding this comment.
😆
The consequence of using hot-row modifiers.
|
/test |
What does this PR do?
Checklist
changelog.ymlfile.Author's Checklist
How to test this PR locally
Related issues
Screenshots