How To Use Basic Authentication With Jira Rest Api In Javascript?

I'm creating a JavaScript app for a Smart TV to show dashboards on the tv. I get the list of dashboards with the JIRA REST API. The url I use for this is: jira/rest/api/2/dashboard

Solution 1:

You got this from here, I presume. Well on the same page it is explained how to "do it yourself". I will "translate" the steps that you need to do in order to manage to do the same request in JS.

1. Request Method should be GET
2. You should have 2 headers: Authorization Header and Content-Type Header. Your Content-type header should looks like: "Content-Type: application/json"

For the Authorization header:

1. Build a string of the form username:password
2. Base64 encode the string (Use window.btoa() and window.atob()) - You actually DO NOT need the second one but I put it there for reference
3. Supply an "Authorization" header with content "Basic " followed by the encoded string. For example, the string "fred:fred" encodes to "ZnJlZDpmcmVk" in base64, so your Authorization Header should look like": "Authorization: Basic ZnJlZDpmcmVk"

So in the end you need to make your GET request with the two Headers supplied and you should be Authorized. Also BEWARE Base64 is reverseable and NOT an encryption function. It is encoding. The request will go through HTTPS of course, but the Base64 encoded string could be reversed if SSL is broken.

Solution 2:

In case you are having your own JIRA instance you should whitelist your site to enable CORS for your domain first:

If you are a JIRA Server customer, simply go to the "Whitelist" section of JIRA Administration and add the domains you wish to request resources from.

Otherwise your request would end in an error, as it violates the browsers same-origin policy (http://enable-cors.org/).

Important: If you are using JIRA on demand / cloud, you won't be able to successfully access the API with Basic Authentication using pure JavaScript / client-side code. This is due to security reasons, and unfortunately there seems to be no solution provided by the Atlassian team yet. One solution to solve that, could be setting up a proxy on your server, which forwards your JavaScript requests from the browser to the actual JIRA instance.

To avoid any possible problems due to bugs in your code, I highly suggest to try access to the JIRA API by using CURL as a first step:

  curl -D- -X GET -H "Authorization: Basic %BASE64-CREDENTIDALS%" -H "Content-Type: application/json" "https://webjets.atlassian.net/rest/api/2/issue/WJ-333"

Note that you have to replace %BASE64-CREDENTIDALS% with your actual Base64 encoded user/password pair. It is important to know, that this works only with the JIRA username, not with the JIRA users email address. This might be confusing, as normally you are also able to sign-in at JIRA using the email adress but won't work with the API.

After having white-listed your domain you are ready to go - build a GET request with following details:

1. Add a content type header: Content-Type: application/json

2. Add a basic authentication header by first Base64 encoding username and password:

   var authCode = window.btoa( user + ":" + password ); var authHeader = "Authorization: Basic " + authCode;

3. Perform the request on an JIRA API endpoint URL, like:

   https://%PROJECT%.atlassian.net/rest/api/2/issue/%ISSUE-ID%

See StackOverflow question "How to use Basic Auth with jQuery and AJAX?" for approaches how to perform the request using jQuery.

Security notice: Be aware that the authorization code is not an encrypted value but an encoding. Take care where you store or provide it!