1

I try to retrieve some information from our JIRA (cloud) using TScHttpWebRequest component. The RequestUri is set to

"https://takarekinfo.atlassian.net/rest/agile/1.0/issue/KE-7347?fields=customfield_10274".

Filled the component Credentils properties, but it says "Unauthorized". As I understand the JIRA wont accept basic authentication anymore, so I generated a token and tried this:

"https://takarekinfo.atlassian.net/rest/agile/1.0/issue/KE-7347?user=my_email@domain.com:xxxx_my_token_xxx&fields=customfield_10274".

Still no luck. If I log in to the JIRA in the browser both URL working fine. Unfortunatelly I have very little knowledge about this kind of technology, so I would appreciate any help how can I retrieve the desired information form our JIRA.

update: this one is working fine with curl.exe: curl.exe -D- -u my_email@domain.com:xxxx_my_token_xxx -X GET -H "Content-Type: application/json" https://takarekinfo.atlassian.net/rest/agile/1.0/issue/KE-7347?fields=customfield_10274

All I need to implement this code using SecureBridge or other working solution under XE7. Tried TIdHTTP, not working for me, it says IOHandler not assigned and when I assign a SSL IOHandler says SSL library could not load, probably this is the same problem I ran into, Indy doesnt handle certain SSL protocols.

Ken White
  • 123,280
  • 14
  • 225
  • 444
tcxbalage
  • 696
  • 1
  • 10
  • 30
  • I've rolled back your edit. It is not appropriate to edit a solution into the question itself. If you've found a solution and want to share it, do so by writing an answer in the space provided below for that purpose. See [Can I answer my own question?](http://stackoverflow.com/help/self-answer) for more information. – Ken White Oct 17 '20 at 02:41
  • You can use Indy SSL, but need to distribute the OpenSSL libraries to actually make it work: https://indy.fulgan.com/SSL/Archive/ – R. Hoek Oct 17 '20 at 09:37
  • @R.Hoek, i know, but this is a different problem, see here: https://stackoverflow.com/questions/62579768/indy-10-6-0-5169-openssl-1-0-2u-delphi-xe7-handshake-error – tcxbalage Oct 17 '20 at 10:31
  • @tcxbalage yes, I know there are issues depending on the Indy version and required ssl version, but that wasn’t clear in the question ;) – R. Hoek Oct 17 '20 at 13:25
  • @R.Hoek, you right I didnt specify clearly the problem about the Indy, was lazy to type that much, sorry :), – tcxbalage Oct 17 '20 at 13:37

1 Answers1

1

Found the solution:

TScHttpWebRequest.HeaderText= 'authorization=Basic FFFFFFFF'

where FFFFFFFF is the base64 encoded 'my_email@domain.com:xxxx_my_token_xxx'

tcxbalage
  • 696
  • 1
  • 10
  • 30
  • This is basic HTTP knowledge - see [RFC 7617](https://tools.ietf.org/html/rfc7617) and/or [Wikipedia](https://en.wikipedia.org/wiki/Basic_access_authentication), which means your assumption "As I understand the JIRA wont accept basic authentication anymore" was wrong. – AmigoJack Oct 17 '20 at 13:17
  • @AmigoJack, basic authentication means user+password, which is not allowed on JIRA, only user+token. – tcxbalage Oct 17 '20 at 13:39
  • I have no permission to access the JIRA ticket, so "token" still looks to me just like password rules and cannot be distinguished from a password technically. https://developer.atlassian.com/server/jira/platform/basic-authentication/ nowhere mentions tokens instead of passwords. – AmigoJack Oct 17 '20 at 14:42
  • The page that you linked is referring to the Jira server which you can download and install for yourself. I have problem with the Jira cloud, as I mentioned in my question. There are different security rules, username+password not allowed. – tcxbalage Oct 18 '20 at 00:49
  • https://developer.atlassian.com/cloud/jira/platform/deprecation-notice-basic-auth-and-cookie-based-auth/ – tcxbalage Oct 18 '20 at 00:54
  • In Jira terms yes: you (now) must use a token, not a password. But it is still a HTTP basic authentication as per RFC and there it is irrelevant how "password" looks like. https://confluence.atlassian.com/cloud/api-tokens-938839638.html confirms that it is still a HTTP basic authentication - your problem is unbound to any HTTP context, as talking with Jira has not changed in your code - only your "password" has changed. – AmigoJack Oct 18 '20 at 10:25