REST API Authentication On Atlassian using Azure B2C as OAuth Provider

Atlassian provides REST APIs to perform a number of operations such as Create Page, Delete Page, Add Comment, Create Space, etc. However, it supports only two authentication methods for REST APIs:

  1. Basic Authentication
  2. OAuth 1.0

The REST API Authentication plugin allows you to use any third-party OAuth 2.0 / OpenID Connect provider to authenticate REST API calls. This guide walks through configuring Azure B2C as the provider.

Download And Installation

  • Log into your Atlassian instance as admin.
  • Navigate to the settings menu and click Manage Apps.
  • Click Find new apps or Find new add-ons on the left-hand side of the page.
  • Locate the API Token/OAuth Authentication app.
  • Click Try free to begin a new trial or Buy now to purchase a license.
  • Enter your information and click Generate license when redirected to MyAtlassian.
  • Click Apply license.
 

Step 1: Configure Azure B2C server:

  • Sign in to the Azure portal.
  • Go to Home, search for Azure B2C in the search bar and select Azure AD B2C.
  • Click Applications and then Add to add a new application.
  • Configure the following options to create the new application:
    • Enter a name for your application in the Name text field.
    • Select Yes for Web App and Yes for Allow Implicit Flow.
    • Copy the Callback URL from the miniOrange OAuth Client plugin (Configure OAuth tab) and paste it into the Reply URL textbox.
    • Click Create to create your application.
  • Click Applications under the Manage menu in the left navigation bar; your application is listed there. Click on it.
  • Copy your Application ID and save it; this will be your Client ID. Then click the Keys option to generate a key; this will be your Client Secret. Also copy the Directory ID; this will be your Tenant ID.
  Note: Keep the Client ID and Client Secret at hand; they are needed in the next step.

Step 2: Fetch Access token through POSTMAN

  • Open the Postman application (download it from https://www.postman.com/downloads/ if needed).
  • Go to the Authorization tab.
  • From the dropdown select type OAuth 2.0 and click Get access token.
  • Fill in the fields from the table below.
  • Postman starts the authentication flow and prompts you to use the access token.
  • Select Add token to the header.

  Field                  Value
  Grant type             Authorization Code or Client Credentials
  Callback URL           Enter your application's base URL if you don't have a callback URL
  Auth URL               https://login.microsoftonline.com/<tenantID>/oauth2/authorize
  Access token URL       https://login.microsoftonline.com/<tenantID>/oauth2/token
  Client ID              Enter the Azure B2C Client ID
  Client secret          Enter the Azure B2C Client secret
  Scope                  OpenID
  Client Authentication  Send as Basic Auth Header
 
  • Copy the Access Token or click Use Token.
A sample access token from the Azure B2C provider looks like this:
A834c0606ba71336423013699db8e971

Step 3: Fetch Username through Azure B2C:

  • Choose the method type "GET".
  • Enter the introspection endpoint from the plugin in the Request URL to fetch the username. For Azure B2C it is "https://login.windows.net/common/openid/userinfo".
  • Go to the Authorization tab, select Bearer Token and enter the access token.
  • Add the header "content-type: application/json" and click Send.
Azure_userRequest:
     curl \
     -X GET \
     -H "Authorization: Bearer <Access Token>" \
     -H "Content-type: application/json" \
     https://login.windows.net/common/openid/userinfo
Copy the name of the attribute that holds the username; you will need to configure it in the plugin. In this example, the attribute is "givenName".

Configure the Rest API plugin:

Step 1: Enable Rest API Authentication:

  • After installing the app, navigate to the Global Settings tab.
  • Turn on Enable REST API Authentication and click Save.
  • Go to the OAuth/OIDC tab and select Azure B2C as the OAuth provider from the dropdown.
  • Enter the name of the attribute under which the username was returned in the Postman response (givenName in the example above).
  • Save the settings.

Step 2: Disable Basic Authentication:

  • Disabling this will block all REST API calls made with Basic Authentication, so any integrations still using Basic Authentication must be migrated to tokens first.
 

Test REST API using access token:

  • Call any REST API, including the access token in the Authorization header. Here is an example of fetching content from Confluence.
  • In the Postman application select method type GET and enter the Request URL, for example http://{Confluence_Base_URL}/confluence/rest/api/content/
  • In the Authorization tab select type Bearer Token.
  • In the Headers tab add the header "content-type: application/json" and send the request.
Confluence-Rest-API-AzureAD B2C Request:
     curl \
     -X GET \
     -H "Authorization: Bearer <Access Token>" \
     -H "Content-type: application/json" \
     http://{confluence_base_url}/confluence/rest/api/content/
  • This returns the Confluence content with status 200.
  • If the token is invalid or missing, the call returns a 401 Unauthorized response.
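The whole procedure above (token request with Basic client authentication, userinfo lookup for the username attribute, Bearer call against Confluence, 401 on a bad token) as one script. This is an added example, not code from the plugin or from Atlassian. It assumes the Client Credentials grant from the Postman table, the standard scope spelling "openid", a Confluence base URL that already includes the /confluence context path, and placeholder tenant and client values; the offline responses in CANNED are constructed for illustration, and HTTP goes through an injectable transport so the flow can be exercised without network access.

```python
"""Token -> userinfo -> Confluence, following the steps on this page.
Added example (not the plugin's code). Transport is injectable so the
flow runs offline against the constructed responses in CANNED."""
import base64
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Endpoints as given on the page; {tenant} is filled in at runtime.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/token"
USERINFO_URL = "https://login.windows.net/common/openid/userinfo"


def build_token_request(tenant_id, client_id, client_secret, scope="openid"):
    """Client-credentials request; client auth goes in a Basic header, which is
    what the 'Send as Basic Auth Header' Postman setting does."""
    url = TOKEN_URL.format(tenant=tenant_id)
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urllib.parse.urlencode({"grant_type": "client_credentials",
                                   "scope": scope}).encode()
    return url, headers, body


def http(method, url, headers, body=None):
    """Real transport: returns (status, parsed JSON body or None)."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            raw = resp.read().decode()
            return resp.status, (json.loads(raw) if raw else None)
    except urllib.error.HTTPError as err:
        return err.code, None


def bearer_headers(token):
    return {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}


def fetch_access_token(tenant_id, client_id, client_secret, transport=http):
    url, headers, body = build_token_request(tenant_id, client_id, client_secret)
    status, payload = transport("POST", url, headers, body)
    if status != 200 or not payload or "access_token" not in payload:
        raise RuntimeError(f"token endpoint returned HTTP {status}")
    return payload["access_token"]


def fetch_username(token, attribute="givenName", transport=http):
    """Step 3: read the attribute the plugin will be configured with."""
    status, payload = transport("GET", USERINFO_URL, bearer_headers(token))
    if status != 200 or payload is None:
        raise RuntimeError(f"userinfo endpoint returned HTTP {status}")
    if attribute not in payload:
        raise KeyError(f"userinfo response has no '{attribute}' attribute")
    return payload[attribute]


def call_confluence(base_url, token, transport=http):
    """Final test step: (status, payload); 401 means the token was rejected."""
    url = base_url.rstrip("/") + "/rest/api/content/"
    return transport("GET", url, bearer_headers(token))


# Constructed responses for offline runs; the token value is made up.
FAKE_TENANT = "tenant-placeholder"
FAKE_BASE = "http://confluence.example.test/confluence"
CANNED = {
    ("POST", TOKEN_URL.format(tenant=FAKE_TENANT)):
        (200, {"access_token": "constructed-token", "token_type": "Bearer"}),
    ("GET", USERINFO_URL): (200, {"givenName": "jsmith", "name": "J Smith"}),
    ("GET", FAKE_BASE + "/rest/api/content/"): (200, {"results": [], "size": 0}),
}


def fake_transport(method, url, headers, body=None):
    """Offline transport: protected endpoints answer 401 unless the Bearer
    token is the constructed one, mirroring the page's failure case."""
    is_token_endpoint = url == TOKEN_URL.format(tenant=FAKE_TENANT)
    if not is_token_endpoint and headers.get("Authorization") != "Bearer constructed-token":
        return 401, None
    return CANNED.get((method, url), (404, None))


def run(tenant_id, client_id, client_secret, base_url, transport=http):
    """Return (username attribute value, Confluence HTTP status)."""
    token = fetch_access_token(tenant_id, client_id, client_secret, transport)
    username = fetch_username(token, transport=transport)
    status, _ = call_confluence(base_url, token, transport)
    return username, status


if __name__ == "__main__":
    # With AZURE_TENANT_ID etc. set, talk to the real endpoints; else run offline.
    if os.environ.get("AZURE_TENANT_ID"):
        print(run(os.environ["AZURE_TENANT_ID"], os.environ["AZURE_CLIENT_ID"],
                  os.environ["AZURE_CLIENT_SECRET"], os.environ["CONFLUENCE_URL"]))
    else:
        print(run(FAKE_TENANT, "client-id", "client-secret", FAKE_BASE, fake_transport))
```

Run it with AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET and CONFLUENCE_URL exported to exercise a real deployment; without them it replays the constructed responses, which is enough to see the Basic header the token request carries and the 401 a wrong or missing Bearer token produces.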



If you are looking for anything which you cannot find, please drop us an email on info@xecurify.com