Can't log in to self-hosted Jira with API Key

[danielkza]

I generated an API key to connect to my company's Jira instance, but it does not seem to work. Set up fails with:

thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Status(401, Response[status: 401, status_text: , url: https://jira.vonage.com/rest/api/3/user/[email protected]])', src/config/cache.rs:29:42
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

I know this is not a lot of useful information, but I don't know exactly what to do do debug it.

I surmise this might be related to the Jira instance being set up with Okta SSO. Any guesses?

edit: seems the instance is using the de.resolution.apitokenauth plugin for API token authentication, if that could be the cause..

[amritghimire]

Can you try once with username and password combination instead to figure out if Basic authentication with password works? @danielkza

[danielkza]

@amritghimire I don't have a password as login is performed through SSO only :(

[amritghimire]

Please have a look at https://wiki.resolution.de/doc/saml-sso/latest/all/knowledgebase-articles/technical/using-the-atlassian-product-s-rest-api-with-saml-sso-enabled Option 3 if it helps. @danielkza

[danielkza]

After quite a while, I figured out what the issue is. My company's Jira Instance requires the username to be used for authorization, as determined by the Okta SSO. But Jira-terminal asks for the email, and tries to use that to authenticate.

If I simply pass my usernames as the email, the authentication will be successful, but the test query attempting to find an user with that email will fail.

I think this can be solved by checking for the presence of an @ sign in the username, and when missing, interpret it as an username instead, and change the initial query criteria so it doesn't fail.

[amritghimire]

Thank you @danielkza . Will look into it.

[songtianyi]

any progress on this issue?

[amritghimire]

The new version has been fixed with better error reporting. Can you please drop your error stack in the thread?
@songtianyi

[songtianyi]

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>不巧, 你已找到了死链接。 - JIRA</title><script type="text/javascript">contextPath = "";</script><link type='text/css' rel='stylesheet' href='/static-assets/metal-all.css' media='all'><script src='/static-assets/jquery-min.js'></script><script src='/static-assets/metal-all.js'></script><meta name="decorator" content="none" /></head><body class=" error-page error404"><script type="text/javascript">document.body.className += " js-enabled";</script><div id="page"><header id="header" role="banner" aria-label="站点"></header><div id="content"><div class="aui-page-panel" ><div class="aui-page-panel-inner"><main role="main" id="main" class="aui-page-panel-content lowerContent" ><div id="error-state"><span class="error-type"></span><h1>不巧, 你已找到了死链接。</h1><ul><li>返回 到<a href="javascript:window.history.back()">上一页</a></li><li>转换到 <a href="/secure/MyJiraHome.jspa">主页</a></li></ul></div></main></div></div></div><footer id="footer" role="contentinfo"><section class="footer-body"><ul class="atlassian-footer">
    <li>
        Atlassian Jira <a class="seo-link" rel="nofollow" href="https://www.atlassian.com/software/jira">Project Management Software</a>
                                            <span id="footer-build-information">(v8.16.1#816001-<span title='b8b28db1b682e9a8568ad9c3cfad139bae9ed93f' data-commit-id='b8b28db1b682e9a8568ad9c3cfad139bae9ed93f}'>sha1:b8b28db</span>)</span>
    </li>
    <li>
        <a id="about-link" rel="nofollow" href="/secure/AboutPage.jspa/secure/AboutPage.jspa">About Jira</a>
    </li>
    <li>
        <a id="footer-report-problem-link" rel="nofollow" href="/secure/CreateIssue!default.jspa">Report a problem</a>
    </li>
</ul>
    <p class="atlassian-footer">
        <span class="licensemessage">

        </span>
    </p>
<div id="footer-logo"><a href="http://www.atlassian.com/" rel="nofollow">Atlassian</a></div></section></footer></div></body></html>
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Status(404, Response[status: 404, status_text: API])', src/config/cache.rs:29:42
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

不巧, 你已找到了死链接 means what you found is a dead link

[songtianyi]

pub fn get_username(configuration: &json::JsonValue) -> String {
    let url = format!(
        "user/search?query={}",
        configuration["email"].as_str().unwrap().to_string()
    );
    let api_request = api::request::ApiRequest {
        url,
        username: configuration["email"].as_str().unwrap().to_string(),
        password: configuration["token"].as_str().unwrap().to_string(),
        json: json::object! {},
        namespace: configuration["namespace"].as_str().unwrap().to_string(),
        version: 3,
    };
    let response = api::get(api_request).unwrap();
    let account_id = String::from(response[0]["accountId"].as_str().unwrap());
    account_id
}

Is that url is correct for jira server instance? The server said it's a dead link

[amritghimire]

Yes, we are querying the search endpoint to fetch the accountId that is used lately due to recent change in GDPR. Seems like the search endpoint is disabled in Self hosted JIRA Instance. @songtianyi

[songtianyi]

curl -H "Authorization: Bearer NDU5xAzxxxxpXgGxoWYH" https://jira..xx.net/rest/api/latest/issue/PAAS-1

This works fine in my terminal. But i see the source code is Basic not Bearer

https://confluence.atlassian.com/enterprise/using-personal-access-tokens-1026032365.html

[amritghimire]

Thanks, Will look into supporting bearer auth as well. @songtianyi