1

We're working to get the Auth token for a user from Jira. This Auth token will be used to make API calls to get the Issues from the Jira platform for the users (my agents). To get this Auth token, I'm getting the username & password of my agent, however, there is no API for Password grant to get the Auth token in the Jira APIs. All their OAuth authentication is also 3LO (3 Legged OAuth, Where the user has to be involved). Is there an easier way to extract the OAuth using simple username and password.

Note: I have checked the Basic Authentication feature to make API calls, But it also requires username and API token of the agent. I don't think it's possible to individually create the API token for each agent.

Raghav Mishra
  • 429
  • 6
  • 15

1 Answers1

0

You're trying to defeat a basic security principle... only the person who has the account can create or read the token, that's the whole point of 3L OAuth or the key + token access method.

If you want to use someone's account key and token to impersonate them, only THEY can give them to you, not Jira.

David Bakkers
  • 453
  • 3
  • 13
  • Hey, Thanks for the response. What I'm looking for, is a way to get the Auth token when I have the credentials. They agent will themselves login with their credentials on my custom application, and then, I use the credentials to get the Auth token. I'm using this token to make API calls. Let me know if I can give you more details on this. – Raghav Mishra Jan 08 '21 at 07:21
  • Hello Raghav. You're asking the same question across two different Jira discussion forums. The answers you're being given on the [Atlassian Community](https://community.atlassian.com/t5/Jira-Software-questions/How-can-I-get-an-Auth-token-for-a-user-by-password-grant/qaq-p/1572153) about using JWT for Connect apps so that you can 'impersonate' the user after they've logged in with their username / password are the right answers. – David Bakkers Jan 09 '21 at 10:10
  • Hi David. Thanks for your response, But We ended up using the 3LO Authentication method as out use case was a little different and did not match with the use case for connect apps. – Raghav Mishra Jan 11 '21 at 18:00