REST API Authentication On Atlassian using Okta as OAuth Provider

Using this app, you can authenticate the Application APIs using any third party OAuth/OIDC provider or API Tokens. The app supports Azure AD, Keycloak, Okta, AWS Cognito, Google, Github, Slack, Gitlab, Facebook and any custom provider.

Atlassian provides REST APIs to perform a number of operations such as Create Page, Delete Page, Add Comment, Create Space, etc. However, it supports only two authentication methods for REST APIs:
  1. Basic Authentication
  2. Using OAuth 1.0
The REST API Authentication plugin allows you to use any third party OAuth 2.0 provider/ OpenID connect to authenticate REST APIs. Here we will go through a guide to configure Azure AD as Provider.

Download And Installation

  • Log into your atlassian instance as admin.
  • Navigate to the settings menu and Click Manage Apps.
  • Click Find new apps or Find new add-ons from the left-hand side of the page.
  • Locate API Token/OAuth Authentication app.
  • Click Try free to begin a new trial or Buy now to purchase a license.
  • Enter your information and click Generate license when redirected to MyAtlassian.
  • Click Apply license.

Step 1: Configure Okta server:

  • First of all, go to https://www.okta.com/login and log into your Okta account.
  • will be presented with following screen. Click on Applications on the navigation bar on top.
Rest API OAuth, API token, API Key authentication for Jira and Confluence Okta
  • Click on Add Application button and select Create New App.
Rest API OAuth, API token, API Key authentication for Jira and Confluence Okta
  • Choose Web as platform, OpenID Connect as Sign on method, and click on Create.
Rest API OAuth, API token, API Key authentication for Jira and Confluence Okta
  • You will be redirected to the app details page. Enter Application name and Login Redirect URIs. Copy Callback URL from the plugin . Click on Save.
Rest API OAuth, API token, API Key authentication for Jira and Confluence Okta  
  • You will be brought to App details page. Scroll down to Client Credentials section.
Rest API OAuth, API token, API Key authentication for Jira and Confluence Okta
Note: Copy the ClientID and Client Secret.

Step 2: Fetch Access token through POSTMAN:

  • Open the Postman Application (Here is the link to download Postman Application).
  • Go to Authorization tab.
  • From the dropdown select type as OAuth 2.0 and  click on Get access token.
  • Add the following information from the table below.
  • Postman starts the authentication flow and prompts you to use the access token.
  • Select Add token to the header.
Field Value
Grant type Authorization Code or Client Credentials
Callback URL Enter the Application's base URL if you dont have a callback URL
Auth URL https://<Domain_Name>/oauth2/default/v1/authorize
Access token URL https://<Domain_Name>/oauth2/default/v1/token
Client ID Enter the Okta Client ID
Client secret Enter the Okta Client secret
Scope openid
Client Authentication Send as Basic Auth Header
  Rest API OAuth, API token, API Key authentication for Jira and Confluence AccessToken
  • Copy the Access Token or click on Use Token.
A sample access token from Okta Provider looks like this.
A834c0606ba71336423013699db8e971

Step 3: Fetch Username through Okta:

  • Choose the method type as "GET".
  • Enter the interoception Endpoint from the plugin to fetch the username in the Request URL. For Okta it is "https://{Domain_Name}/oauth2/default/v1/userinfo".
  • Go to the Authorization tab select the Bearer Token and enter the access token here.
  • Add the header "content-type: application/json" and click on Send.
Rest API OAuth, API token, API Key authentication for Jira and Confluence Username
Request:
     curl 
     -X GET 
     -H "Authorization: Bearer <Access Token>" 
     -H "Content-type: application/json" 
     https://{Domain_Name}/oauth2/default/v1/userinfo
Copy the attribute value against the username, you will need to configure it in plugin. In this example, the value is "preferred_username".  

Step 4:Configure the Rest API plugin:

Step 1: Enable Rest API Authentication:
  • After installing the app, navigate to the app configurations through the Manage Apps dropdown.
  • Here you will have to Enable Authentication through Rest API Authentication.
  • In the dropdown provided select Okta as the OAuth provider.
  • Enter the Domain Name from Okta.
  • Enter the attribute value against which we received the username in the Postman response.
  • Save the settings.

Rest API OAuth, API token, API Key authentication for Jira and Confluence

Step 2: Disable Basic Authentication:
  • Disabling this will restrict all the REST API call made using Basic Authentication.
 

Step 5: Test REST API using access token:

  • Call any REST API. Include the access token in the Authorization header. Here’s an example of fetching content from Confluence.
  • Go to the Postman application select method type as GET and enter the Request URL. For eg. http://{Confluence_Base_URL}/confluence/rest/api/content/
  • In the Authorization tab select type as Bearer Token.
Rest API OAuth, API token, API Key authentication for Jira and Confluence  
  • In the Header tab add the header “content-type: application/json and send the request.
Rest API OAuth, API token, API Key authentication for Jira and Confluence
Request:
     curl 
     -X GET  
     -H "Authorization: Bearer <Access Token>" 
     -H "Content-type: application/json" 
     http://{confluence_base_url}/confluence/rest/api/content/
  • This will show the content in Confluence and will return the status 200.
  • If the token is invalid or missing, the call will return a 401 Unauthorized response.


Our Other Apps: SAML SSO Apps | OAuth Apps | 2FA Apps | Crowd Apps | REST API Apps | Kerberos/NTLM Apps | User Sync Apps |
                             Bitbucket Git Authentication App

If you are looking for anything which you cannot find, please drop us an email on info@xecurify.com