I need to use the Jira REST API to create an issue using the user's access token, but I keep getting a 403 response.
I have researched the API documentation extensively and a lot on Stack Overflow, but no success yet.
Although most of the research I have done mentioned that you should create an API token, this will not work for me since all the users connect with my Jira application using OAuth and then I get the user's access tokens when they grant access.
The Jira documentation shows that you can use the user's access token to make API calls. Please see the link and the excerpt from the link.
https://developer.atlassian.com/server/jira/platform/oauth/
Excerpt from the link mentioned above:
Step 4: Make a request
"An access token is all that we need to make an authenticated request to
the Jira REST API using OAuth. Requests are made as the user who authorized
the initial request token. The access token will persist for 5 years,
unless it is revoked."
Would someone please be able to assist me?
Thank you so much in advance.
I know I am answering my own question, but Jira support provided the correct documentation links for OAuth if someone might be interested.
OAuth 2.0 Docs:
https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/
Regards
Shaun
I'm using the Amplify CLI to create a Cognito user pool for my React web application. I've found the withAuthentication UI doesn't meet my needs because I can't customize the signin form (say to remove the phone number field) or protect just part of my app.
Instead, I would like to use the Hosted UI provided by Cognito but am struggling with how to implement the Authorization Code Grant flow. Is there an easy-to-use npm library to help me with this?
I've tried directly calling the /authorize endpoint as described in the docs but get a CORS error when calling from localhost. I've also tried using window.location.ref to redirect to the hosted URL that the Cognito Console provides a link to. This works, but when I arrive back on my specified page (following the callback), parse the code from the query string, and send a POST request to the /token endpoint as described in the docs, I get a 400 status code back. Is there more I need to be doing here?
I'm very new to OAuth, so I would appreciate any simple explanations or pointers to basic materials a noob can understand!
My resources use code flow with Cognito and will give you something to compare against:
Code Sample
Blog Post
A couple of pointers:
Register an OAuth client in your user pool to fix the CORS error
Trace OAuth messages from the browser and focus on getting them the same as mine
My code sample is easy to run against my Cognito endpoint. It does not use React or Amplify though - but once you understand principles it should be easy to port them to your own technology choices.
I am currently searching for a way to log in to the Twitch API using an already given id-token (OAuth or, even better, OIDC) with or without a NodeJS backend.
Background: I am using firebase connecting to various services next to Twitch-API such as Youtube (Google API), Twitter and Co. I want to use my id-token for each service.
The official documentation doesn't tell if that is possible, or maybe I just couldn't find it.
Hopefully there is a solution just not yet documented.
I will struggle with the same problem using the other services as well.
Thanks a lot
You absolutely would need to create your own OAuth token as it is tied to the same Client-ID as the account that generates it.
https://dev.twitch.tv/console
Authentication has its own flow and endpoints with the way kraken v5 and helix work.
https://dev.twitch.tv/docs/authentication
With the latest changes to the API everything now requires both the Client-ID and OAuth before it will return the requested values.
https://discuss.dev.twitch.tv/t/requiring-oauth-for-helix-twitch-api-endpoints/23916
I'm not sure exactly what "id-token" is but I'm going with "twitch-user-id and access-token".
If you have a valid access token, you have access to whatever the scopes were defined when that token was generated, you can update the token with the refresh token if you need to.
You would need to supply the Client-ID of the application the token was generated for as well.
Unless "id-token" is meant for a different system.
I have successfully enabled a plugin to work with Azure AD. And based on the documentation I can find, Twilio encourages the idea that if you wanted to communicate from a React JS app to custom APIs, then you can do so. The problem I see is that Twilio sort of ignores the fact that when communicating to those APIs from the client app, authentication must be in place between the custom APIs and the React plugin app.
How are people unifying the authentication between the auth that takes place at the UI layer and subsequent requests that are made to backend APIs? Can we reuse the token?
Within the https://www.twilio.com/console/flex/users/single-sign-on I see
Does this mean OAuth support is coming? Where can I post this question to increase the likelihood of receiving some indicators as to which protocols are going to be supported in the near future? If the Twilio Flex team is in fact working on adding OAuth support, I would imagine it would only benefit them to let the community know, especially those with existing microservices and OAuth-based flow already preconfigured.
I've added an issue here, hopefully to get some response on this question.
https://github.com/twilio/twilio-flex-token-validator/issues/13
Twilio developer evangelist here.
This is related to the SSO tokens used within Twilio Flex.
You can re-use the token to authenticate your plugin. To do so, you'll need to validate the token from your plugin. You can do this by sending the token to the https://iam.twilio.com/v1/Accounts/{AccountSid}/Tokens/validate endpoint.
This endpoint is currently undocumented and not available within the Twilio helper libraries, which is why you have found it hard to find guidance on this, but here's how you use it.
You need to make an authenticated POST request, using your account sid and auth token (or an API key and secret) to the URL: https://iam.twilio.com/v1/Accounts/{AccountSid}/Tokens/validate
The body of the request should be JSON and contain one key, token, with the value of your SSO token.
The result will be in JSON and if the token is valid will have a key of valid set to true. If it is not, there will be a message field you can read to find more information.
If you are using Node.js, you are in luck as there is a module you can install to do all of this for you; the twilio-flex-token-validator. For more detail on making calls to the validation endpoint, you can check the source code of twilio-flex-token-validator. There is also a tutorial on how to make calls to plugins from Flex that gets to securing the plugin about halfway through.
Sorry it took all of this to get to this answer and it's not the greatest answer. Please let me know if this helps and how you get on.
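The validation call described in the answer above, as an added example (not Twilio's code and not the twilio-flex-token-validator source). The endpoint URL and the `token`, `valid` and `message` fields come from the answer; the function names, the use of HTTP Basic auth for the account SID and auth token, and the SID format check are assumptions of this sketch.

```javascript
// Added example. Function names are hypothetical; sample values in any
// caller or test are constructed.
const VALIDATE_URL =
  'https://iam.twilio.com/v1/Accounts/{AccountSid}/Tokens/validate';

function buildValidateRequest(accountSid, authToken, ssoToken) {
  // The SID is interpolated into the URL path, so accept only a well-formed
  // account SID ("AC" + 32 hex characters) and nothing that could alter the path.
  if (!/^AC[0-9a-fA-F]{32}$/.test(accountSid)) {
    throw new Error('malformed AccountSid');
  }
  if (typeof ssoToken !== 'string' || ssoToken.length === 0) {
    throw new Error('missing SSO token');
  }
  // Assumption: account SID and auth token are sent as HTTP Basic credentials.
  const basic = Buffer.from(`${accountSid}:${authToken}`).toString('base64');
  return {
    url: VALIDATE_URL.replace('{AccountSid}', accountSid),
    options: {
      method: 'POST',
      headers: {
        Authorization: `Basic ${basic}`,
        'Content-Type': 'application/json',
      },
      body: JSON.stringify({ token: ssoToken }), // one key: token
    },
  };
}

// Fail closed: only a 2xx response whose JSON has valid === true (boolean)
// counts as a valid token. Anything else is a rejection with a reason.
function interpretValidation(status, bodyText) {
  let parsed;
  try {
    parsed = JSON.parse(bodyText);
  } catch {
    return { ok: false, reason: 'unparseable response' };
  }
  const isObject = parsed !== null && typeof parsed === 'object';
  if (status >= 200 && status < 300 && isObject && parsed.valid === true) {
    return { ok: true, result: parsed };
  }
  const msg = isObject && typeof parsed.message === 'string' ? parsed.message : null;
  return { ok: false, reason: msg || 'token not valid' };
}

// Backend-side check; fetchImpl is injectable so the logic can be tested offline.
async function validateFlexToken(accountSid, authToken, ssoToken, fetchImpl = fetch) {
  const { url, options } = buildValidateRequest(accountSid, authToken, ssoToken);
  const res = await fetchImpl(url, options);
  return interpretValidation(res.status, await res.text());
}
```

Run this on the backend that the plugin calls, so the account credentials never reach the browser; the plugin sends only its SSO token.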
I have had a search around stackoverflow, but was unable to find an answer to my question, so I thought I'd ask.
I'm currently working on an iOS app where I would like to get a feed of a public timeline without the user of the app being required to have a twitter account.
I am successfully able to do this using Twitter's v1.0 of the API and all works perfectly. Simply making a request to http://api.twitter.com/1/statuses/user_timeline.json?screen_name=username retrieves all the information that I require.
However, since v1.0 has been deprecated and V1.1 requires authentication for each request, I get a bad authorization error using this API. Having looked at the Twitter documentation and how to generate OAuth request headers, I don't fully understand the "Getting a signing key" section of the documentation in the link below. (this is my first time working with Twitter's API and OAuth, I'm trying to gain a good understanding, before I start the implementation)
https://dev.twitter.com/docs/auth/creating-signature
As I understand it, the consumer secret can be found when logging into twitter.com/apps but I'm not sure where I would get the "OAuth Token Secret" in order to generate a valid signing key.
Since this is an iOS app, I know I could use the TWRequest class, but to my understanding, this would require the user to have twitter setup on their device.
I hope the above makes sense and any help would be appreciated.
Thanks
If you go to the Twitter application you have set up https://dev.twitter.com/apps
You should see your Access token secret under the heading Your access token. If you don't see this then you probably haven't generated an access token yet.
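How the consumer secret and the access token secret from the answer above combine into the signing key the question asks about, as an added example (not code from the original posts). It follows the OAuth 1.0a HMAC-SHA1 rules in RFC 5849; the function names and the sample URL and parameter values are constructed for illustration.

```javascript
// Added example: OAuth 1.0a HMAC-SHA1 signing (RFC 5849, section 3.4).
const crypto = require('node:crypto');

// RFC 3986 percent-encoding: encodeURIComponent leaves !'()* unescaped,
// which OAuth 1.0a does not allow, so escape those as well.
function pct(s) {
  return encodeURIComponent(s).replace(
    /[!'()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase()
  );
}

// Signing key = encoded consumer secret + "&" + encoded token secret.
// The "&" is always present, even when there is no token secret yet.
function signingKey(consumerSecret, tokenSecret = '') {
  return pct(consumerSecret) + '&' + pct(tokenSecret);
}

// Base string = METHOD & encoded URL & encoded, sorted parameter string.
// params must hold every oauth_* parameter plus the query/body parameters.
function signatureBaseString(method, url, params) {
  const pairs = Object.entries(params).map(([k, v]) => [pct(k), pct(String(v))]);
  pairs.sort((a, b) => {
    if (a[0] !== b[0]) return a[0] < b[0] ? -1 : 1; // by encoded name
    if (a[1] !== b[1]) return a[1] < b[1] ? -1 : 1; // then by encoded value
    return 0;
  });
  const paramString = pairs.map(([k, v]) => `${k}=${v}`).join('&');
  return [method.toUpperCase(), pct(url), pct(paramString)].join('&');
}

// oauth_signature value: base64 of HMAC-SHA1(signing key, base string).
function sign(method, url, params, consumerSecret, tokenSecret) {
  return crypto
    .createHmac('sha1', signingKey(consumerSecret, tokenSecret))
    .update(signatureBaseString(method, url, params))
    .digest('base64');
}
```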
Greetings!
I have some trouble enabling OAuth authentication for my web
application running on Ruby on Rails. I am using authlogic and
authlogic_oauth and that is, in the end, using the OAuth gem and therefore
I decided to ask here. So shortly:
I successfully "register" (i.e. obtain the first Access Token for the
user) but then, whenever I try to "login", I receive a different
access token for the same Google Account, the Authlogic-oauth plugin
fails to find the user and the login crashes. Maybe I don't understand
it right, but is not the AT supposed to be the same every time? And can
it be a problem that I am accessing Google from http://localhost even
though the Customer keys are for a different domain?
Anyway, thanks for any reply ... I have already spent 2 days on that
issue and debugging doesn't seem to lead me anywhere
Jakub
PS: I sent that question on Google Group oauth-ruby - sorry to anyone reading both channels
The AT is supposed to be different every time. OAuth is not an authentication protocol, it is an authorization delegation protocol. Try using OpenID instead: http://code.google.com/apis/accounts/docs/OpenID.html
Twitter does not give out different tokens, which allows OAuth to be used as an authentication mechanism. LinkedIn doesn't do that, meaning you may only use OAuth as an authorization protocol (which is what it was intended to do).
However, there is a useful API for pulling in data from LinkedIn. Of particular interest could be the Profile API.