From 36fcfeeb8fcfe995ffcde8cfcb1ed71f313141f6 Mon Sep 17 00:00:00 2001 From: Fabien Degomme Date: Thu, 17 Oct 2024 01:01:30 +0200 Subject: [PATCH 1/3] Update authentication method with token --- README.md | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 3294303..d5740ea 100644 --- a/README.md +++ b/README.md @@ -244,17 +244,30 @@ tokens as documented in [Using PATs](https://confluence.atlassian.com/enterprise/using-personal-access-tokens-1026032365.html#UsingPersonalAccessTokens-UsingPATs) Atlassian documentation. -As documented, PATs should be used without a username in Authorization header as -Bearer tokens. Following is an example of using PAT token stored in `authinfo` +As [documented here](https://developer.atlassian.com/cloud/jira/platform/basic-auth-for-rest-apis/#supply-basic-auth-headers), create an API token for Jira then build a string of the form `useremail:api_token`. Then encode the string into base64 then add this block into your emacs configuration: + +``` +(setq jiralib-url "https://yourcompany.atlassian.net") +(setq jiralib-token + (cons "Authorization" + (concat "Basic " ""))) +``` + +If you want to use `authinfo` file, set `password` field as `useremail:api_token` base64 encoded. + +As documented, PATs should be used with a username in Authorization header as +Basic tokens. Following is an example of using PAT token stored in `authinfo` to authenticate to JIRA: ```lisp (setq jiralib-token (cons "Authorization" - (concat "Bearer " (auth-source-pick-first-password - :host "jira.company.com")))) + (concat "Basic " (auth-source-pick-first-password + :host "yourcompany.atlassian.net")))) ``` +NOTE FOR PR REVIEWER: should we do the base64 encoding into `(setq jiralib-token)` by using `login` and `password` from `authinfo` file instead of setting `login:password` (password == token) base64 encoded? + #### Last Resort Authorization workaround (NOT secure) However, if all else fails (your Jira instance has disabled basic auth entirely), you can still get in by copying your web browser's From 442faf23abdc36eb16a6236dec36e232a01826e1 Mon Sep 17 00:00:00 2001 From: Fabien Degomme Date: Thu, 17 Oct 2024 01:03:08 +0200 Subject: [PATCH 2/3] Adf a little precision in NOTE FOR PR REVIEWER --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d5740ea..be463fa 100644 --- a/README.md +++ b/README.md @@ -266,7 +266,7 @@ to authenticate to JIRA: :host "yourcompany.atlassian.net")))) ``` -NOTE FOR PR REVIEWER: should we do the base64 encoding into `(setq jiralib-token)` by using `login` and `password` from `authinfo` file instead of setting `login:password` (password == token) base64 encoded? +NOTE FOR PR REVIEWER: should we do the base64 encoding into `(setq jiralib-token)` by using `login` and `password` from `authinfo` file instead of setting `login:password` (password == token) base64 encoded directly into `(setq jiralib-token)`? #### Last Resort Authorization workaround (NOT secure) However, if all else fails (your Jira instance has disabled basic auth From a0f300aed46eeae543a571f6fc21d3e7b20148ac Mon Sep 17 00:00:00 2001 From: Fabien Degomme Date: Thu, 17 Oct 2024 01:06:30 +0200 Subject: [PATCH 3/3] Forgot another precision in NOTE FOR PR REVIEWER :) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index be463fa..a7fb60e 100644 --- a/README.md +++ b/README.md @@ -266,7 +266,7 @@ to authenticate to JIRA: :host "yourcompany.atlassian.net")))) ``` -NOTE FOR PR REVIEWER: should we do the base64 encoding into `(setq jiralib-token)` by using `login` and `password` from `authinfo` file instead of setting `login:password` (password == token) base64 encoded directly into `(setq jiralib-token)`? +NOTE FOR PR REVIEWER: should we do the base64 encoding into `(setq jiralib-token)` by using `login` and `password` from `authinfo` file instead of setting `login:password` (password == token) base64 encoded directly into `(setq jiralib-token)` or `authinfo` file? #### Last Resort Authorization workaround (NOT secure) However, if all else fails (your Jira instance has disabled basic auth