REST API Authentication On Atlassian using Github as OAuth Provider

Download

REST API Authentication plugin, will let you authenticate the any application (Jira, Confluence, Bitbucket) APIs using any third party OAuth/OIDC provider or API Tokens. The app supports Azure AD, Keycloak, Okta, AWS Cognito, Google, Github, Slack, Gitlab, Facebook and any custom provider.

Atlassian provides REST APIs to perform a number of operations such as Create Page, Delete Page, Add Comment, Create Space, etc. However, it supports only two authentication methods for REST APIs:

Basic Authentication
Using OAuth 1.0

The REST API Authentication plugin allows you to use any third party OAuth 2.0 provider/ OpenID connect to authenticate REST APIs of any application (Jira, Confluence, Bitbucket). Here we will go through a guide to configure Azure AD as Provider.

Download And Installation

Log into your atlassian instance as admin.
Navigate to the settings menu and Click Manage Apps.
Click Find new apps or Find new add-ons from the left-hand side of the page.
Locate API Token/OAuth Authentication app.
Click Try free to begin a new trial or Buy now to purchase a license.
Enter your information and click Generate license when redirected to MyAtlassian.
Click Apply license.

Step 1: Configure Github server:

Login to GitHub : Go to Github Developer and login with your account. Click on settings.

Rest API OAuth, API token, API Key authentication for Jira and Confluence Github

Select Developer settings. And Select OAuth Apps and click on Register a new application button.

Enter app credentials : Enter app name, plugin homepage URL. Enter the Application base URL under Authorized callback URL field.

Copy Client ID and Client Secret.

Step 2: Fetch Access token through POSTMAN:

Open the Postman Application (Here is the link to download Postman Application).
Go to Authorization tab.
From the dropdown select type as OAuth 2.0 and click on Get access token.
Add the following information from the table below.
Postman starts the authentication flow and prompts you to use the access token.
Select Add token to the header.

Field	Value
Grant type	Authorization Code or Client Credentials
Callback URL	Enter application's base URL if you dont have a callback URL
Auth URL	https://github.com/login/oauth/authorize
Access token URL	https://github.com/login/oauth/access_token
Client ID	Enter the Github Client ID
Client secret	Enter the Github Client secret
Scope	Blank
Client Authentication	Send as Basic Auth Header

Rest API OAuth, API token, API Key authentication for Jira and Confluence Github Access Token

Copy the Access Token or click on Use Token.

A sample access token from Github Provider looks like this.

A834c0606ba71336423013699db8e971

Step 3: Fetch Username through Github:

Choose the method type as "GET".
Enter the interoception Endpoint from the plugin to fetch the username in the Request URL. For Github it is "https://api.github.com/user".
Go to the Authorization tab select the Bearer Token and enter the access token here.
Add the header "content-type: application/json" and click on Send.

Request:

     curl 
     -X GET 
     -H "Authorization: Bearer <Access Token>" 
     -H "Content-type: application/json" 
     https://api.github.com/user

Copy the attribute value against the username, you will need to configure it in plugin. In this example, the value is "login".

Step 4: Configure the Rest API plugin:

Step 1: Enable Rest API Authentication:

After installing the app, click on Configure to configure plugin.
Select the Authentication type and navigate to Oauth/OIDC tab, then click on Configure.
From the drop down select Github as OAuth Provider.
Enter the attribute value against which we received the username in the Postman response.
Save the settings.
Now navigate to the Global Settings tab.
Here you will have to Enable the Authentication through Enable REST API Authentication and click on Save.

Step 2: Disable Basic Authentication:

Disabling this will restrict all the REST API call made using Basic Authentication.

Step 5: User Restriction:

Step 1: Group Based Restriction:

Navigate to User Restriction Tab and then Group Based Restriction.
Check the Restrict Access to API.
Enter the Group to allow user to access Rest API.
Save the settings.

Step 2: IP Restriction:

Navigate to User Restriction Tab and then IP Restriction.
Check the Restrict Access to API by IP address.
Add IP Address or range to allow Rest API.
Save the settings.

Rest API OAuth, API token, API Key authentication for Jira and Confluence-UserRestrictionTab

Step 6: Test REST API using access token:

Download And Installation
Step 1: Configure GitHub server
Step 2: Fetch Access token through POSTMAN
Step 3: Fetch Username through GitHub
Step 4: Configure the Rest API plugin
Step 5: User Restriction
Step 6: Test REST API using Access Token
Additional Resources

Jira Rest API

Call any REST API. Include the access token in the Authorization header. Here’s an example of fetching content from Jira.
Go to the Postman application select method type as GET and enter the Request URL. For eg. http://{Jira_Base_URL}/rest/api/2/project
In the Authorization tab select type as Bearer Token.

Rest API OAuth, API token, API Key authentication for Jira and Confluence Confluence-Rest-API-AzureAD B2C

In the Header tab add the header “content-type: application/json and send the request.

Request:

     curl 
     -X GET  
     -H "Authorization: Bearer <Access Token>" 
     -H "Content-type: application/json" 
     http://{jira_base_url}/rest/api/2/project

This will return all projects which are visible for the current userstatus 200.
If the token is invalid or missing, the call will return a 401 Unauthorized response

Confluence Rest API

Call any REST API. Include the access token in the Authorization header. Here’s an example of fetching content from Confluence.
Go to the Postman application select method type as GET and enter the Request URL. For eg. http://{Confluence_Base_URL}/confluence/rest/api/content/
In the Authorization tab select type as Bearer Token.

In the Header tab add the header “content-type: application/json and send the request.

Request:

     curl 
     -X GET  
     -H "Authorization: Bearer <Access Token>" 
     -H "Content-type: application/json" 
     http://{confluence_base_url}/confluence/rest/api/content/

This will show the content in Confluence and will return the status 200.
If the token is invalid or missing, the call will return a 401 Unauthorized response

Bitbucket Rest API

Call any REST API. Include the access token in the Authorization header. Here’s an example of fetching content from Bitbucket.
Go to the Postman application select method type as GET and enter the Request URL. For eg. http://{Bitbucket_Base_URL}/rest/api/1.0/dashboard/pull-requests
In the Authorization tab select type as Bearer Token.

In the Header tab add the header “content-type: application/json and send the request.

Request:

     curl 
     -X GET  
     -H "Authorization: Bearer <Access Token>" 
     -H "Content-type: application/json" 
     http://{bitbucket_base_url}/rest/api/1.0/dashboard/pull-requests/

This will Retrieve a page of pull requests where the current authenticated user status 200.
If the token is invalid or missing, the call will return a 401 Unauthorized response

Additional Resources

If you are looking for anything which you cannot find, please drop us an email on info@xecurify.com

REST API Authentication On Atlassian using Github as OAuth Provider

Download And Installation

Step 1: Configure Github server:

Step 2: Fetch Access token through POSTMAN:

Step 3: Fetch Username through Github:

Step 4: Configure the Rest API plugin:

Step 1: Enable Rest API Authentication:

Step 2: Disable Basic Authentication:

Step 5: User Restriction:

Step 1: Group Based Restriction:

Step 2: IP Restriction:

Step 6: Test REST API using access token:

Contents

Jira Rest API

Confluence Rest API

Bitbucket Rest API

Additional Resources

STAY CONNECTED

Product

Solutions

Why miniorange

Company