...


If you are writing a script that interacts with Jira/Confluence through a REST API, you should authenticate using an OAuth token, rather than an embedded username/password. Here we describe one way to do the 'oauth dance' to generate a trusted token using Python 3 - specifically the jirashell utility from the jira Python package.

...

There are many attempts to explain this process on the internet. Every one I have found has been awful: either hand-waving away details, or too dense, trying to explain the mechanics of OAuth with missionary zeal. Just tell me what to type and where to click, and give me my token!

...

Every OAuth token has a key: for our purposes, the key will be monitor-jira-license.

Install Python 3

Running python3 or python --version should show Python 3.x.

Create a venv

Code Block
mkdir jira-oauth
cd jira-oauth
python3 -m venv venv
. venv/bin/activate

Install Python libraries

Code Block
pip3 install jira ipython


Generate an RSA key pair

Code Block
openssl genrsa -out rsa.pem 2048
openssl rsa -in rsa.pem -pubout -out rsa.pub

In Jira (or Confluence), create an applink. Applinks normally connect to other HTTP apps, but in this case our OAuth client doesn't have a URL, so use a fake one:

...

Click 'Continue', and your application link will be created.

OAuth dance

Now from your terminal, do the OAuth dance with your Jira installation:

Code Block
BROWSER='echo %s' jirashell --server https://issues.redradishtech.com --consumer-key monitor-jira-license --key-cert rsa.pem --oauth-dance


Why BROWSER='echo %s'?

Jirashell would normally try to launch your preferred web browser, using the webbrowser library. By setting the BROWSER env variable, we tell Python not to bother, and just print the URL for us to manually cut & paste. This is required for server environments, where lynx isn't able to deal with Jira's JavaScript.


This should print a URL. Open it in your browser; a page should appear asking for authorization:

Click *Allow* in the Browser window:


After the URL, your terminal should also have displayed:

Ignore the extra debugging: you're still being prompted for 'y' or 'n' at this point.

Code Block
Your browser is opening the OAuth authorization for this client session.
Have you authorized this program to connect on your behalf to https://issues.redradishtech.com? (y/n)

Warning
Actually, on Chrome on Linux, I find that launching the Chrome window printed some debug text, unhelpfully right after the (y/n) prompt:

Code Block
Your browser is opening the OAuth authorization for this client session.
Have you authorized this program to connect on your behalf to https://issues.redradishtech.com? (y/n)[1127:1155:0610/114150.937882:ERROR:browser_process_sub_thread.cc(221)] Waited 7 ms for network service
Opening in existing browser session.

Press 'y'.

The jirashell command now proceeds to launch an IPython session:

...


Just for fun, run `jira.server_info()` to prove you're connected:

Press ctrl-d to exit.

Print your OAuth token

Jira trusts us. Now we need to print the token. Add '--print-tokens' to the last command:

...

Code Block
Request tokens received.
Request token: kLYKeT0g9EiJDDmqlxQTH9VjRs2fpFS6
Request token secret: snhWUlGQmzLu6I9ju1aQGNjulQQPT1lz
Please visit this URL to authorize the OAuth request:
https://issues.redradishtech.com/plugins/servlet/oauth/authorize?oauth_token=kLYKeT0g9EiJDDmqlxQTH9VjRs2fpFS6 
Have you authorized this program to connect on your behalf to https://issues.redradishtech.com? (y/n) 

Hit 'n'.

Test your OAuth token

Now embed the 'Request token' and 'Request token secret' values you saw above into a new jirashell command:

...

Code Block
<JIRA Shell 2.0.0 (https://issues.redradishtech.com)>

*** JIRA shell active; client is in 'jira'. Press Ctrl-D to exit.

In [1]: Out[1]: 
{'baseUrl': 'https://issues.redradishtech.com',
 'version': '7.13.0',
 'versionNumbers': [7, 13, 0],
 'deploymentType': 'Server',
 'buildNumber': 713000,
 'buildDate': '2018-11-28T00:00:00.000+1100',
 'scmInfo': 'fbf406879436de2f3fb1cfa09c7fa556fb79615a',
 'serverTitle': 'Red Radish JIRA'}

In [2]: Do you really want to exit ([y]/n)? 

Conclusion

You now have the three things you need: the token, the token secret, and the rsa.pem private key.
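
One way to feed those three items to a script without embedding them in source. This is an added example, not code from the original page: the environment variable names JIRA_OAUTH_TOKEN and JIRA_OAUTH_TOKEN_SECRET and the function names are assumptions, while the oauth dict keys are the ones the jira package's JIRA(oauth=...) constructor accepts.

```python
import os
import stat

SERVER = "https://issues.redradishtech.com"   # server used on this page
CONSUMER_KEY = "monitor-jira-license"         # consumer key used on this page


def load_oauth_config(key_path="rsa.pem", env=os.environ):
    """Build the oauth dict for jira.JIRA without hard-coding secrets.

    JIRA_OAUTH_TOKEN / JIRA_OAUTH_TOKEN_SECRET are hypothetical variable
    names chosen for this example.
    """
    missing = [n for n in ("JIRA_OAUTH_TOKEN", "JIRA_OAUTH_TOKEN_SECRET")
               if not env.get(n)]
    if missing:
        raise RuntimeError("missing environment variables: " + ", ".join(missing))

    # The private key signs every request: refuse to use it if anyone other
    # than the owner can read or write it (POSIX permission bits).
    mode = stat.S_IMODE(os.stat(key_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(
            f"{key_path} has mode {mode:o}; run: chmod 600 {key_path}")

    with open(key_path, "r") as fh:
        key_cert = fh.read()
    # Catch the easy mistake of pointing at rsa.pub instead of rsa.pem.
    if "PRIVATE KEY" not in key_cert:
        raise ValueError(f"{key_path} is not a PEM private key")

    return {
        "access_token": env["JIRA_OAUTH_TOKEN"],
        "access_token_secret": env["JIRA_OAUTH_TOKEN_SECRET"],
        "consumer_key": CONSUMER_KEY,
        "key_cert": key_cert,
    }


def connect(key_path="rsa.pem"):
    """Open an OAuth-authenticated session (needs network and the jira package)."""
    from jira import JIRA  # imported lazily so the loader works without it
    return JIRA(server=SERVER, oauth=load_oauth_config(key_path))


if __name__ == "__main__":
    print(connect().server_info()["version"])
```

Export the two variables from a file only your account can read, and keep rsa.pem out of version control.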