REST API Authentication In Atlassian using Authorization Grant from OAuth Provider
Welcome to the exciting realm of REST API Authentication in Atlassian using Authorization Grant from OAuth Provider! OAuth 2.0 - Your Key to Secure Access.
OAuth 2.0 is the go-to method for authenticating access to APIs, providing authorization without compromising your email address or password. With OAuth 2.0, you can seamlessly access Jira/Confluence content via APIs without sharing sensitive credentials.
This guide will walk you through the steps to configure authentication through Authorization Grant from OAuth Provider.
Download And Installation
- Log into your Atlassian instance as an admin.
- Navigate to the settings menu and click Manage Apps.
- Click Find new apps or Find new add-ons from the left-hand side of the page.
- Locate API Token/OAuth Authentication app.
- Click Try free to begin a new trial or buy now to purchase a license.
- Enter your information and click Generate License when redirected to MyAtlassian.
- Click Apply License.
Authentication Methods
Step 1: Configure Authorization Grant from OAuth Provider
- Head over to the OAuth 2.0 Token Tab and select Authorization Grant.
- It will display a list of the following IDPs through which you can select.
- Select the Custom Provider.
- Enter the following details.
- User info endpoint
- Authorization endpoint
- Token endpoint
- Copy the redirect URI and paste it into the callback/redirect URIs of the OAuth provider.
- Enter the details such as Client ID, Client secret, scope and State.
- To configure the username attribute, click on the Get username/email attribute button.
- Click on the Fetch token button.
- You'll be redirected to your OAuth provider. Log in, and voila! You'll receive the access token.
- Paste the OAuth 2.0 Access token obtained from the OAuth provider, and click on "Get response."
- In the received response, copy the JSON attribute containing the username/email of the user in the local directory. Paste it into the Username/Email Attribute input field, and click on Save.
- You can fetch the token using the "Fetch Token" button or grab it through POSTMAN using the provided curl. Copy the token.
1.1 : Configure Authorization Grant for Authenticating the tokens
NOTE: If you've configured another grant previously, a pop-up will ask if you want to switch. If you've set up an IDP and want to change it, just click on "Change OAuth Provider."
.
Can't find yours or using a custom IDP? No worries! we got you covered.
Follow the steps below to configure your IDP using the Custom IDP option
1.2 : Configuring the provider
Make sure that you have entered all the required information in the previous form as the details such as client ID and client secret will be used to retrieve the OAuth token.
Feeling a bit stuck? Reach out to atlassiansupport@xecurify.com for assistance.
Step 2: Test Configurations
- Select the appropriate token type.
- Paste the token and click on Test Token.
🎊 Test Successful! You can proceed further.
Need Help?
If you encounter any difficulties configuring add-ons, please contact us at atlassiansupport@xecurify.com or raise a support ticket here.
Step 3: Adding Group and IP-Based Restriction
- You can Enable Allow API access and select groups who can access the APIs. Users who will not be part of selected groups cannot access the APIs.
- You can Enable Read-only Groups and allow selected groups to only access READ APIs. Users of selected groups will not be able to perform WRITE operations.
- You can Enable Allow Token Generation and select groups that can generate tokens. Users who will not be part of selected groups cannot generate tokens.
- You can enable Restrict Access to API by IP Address to allow API access from a specified network.
- You can add the specific IP address or IP range in CIDR notations; this will block all calls that do not belong to the configured values.
- You can enable Reverse Proxy Compatibility if your instance is running behind a reverse proxy and specify the header name to retrieve the client’s real IP address.
Group Based Restrictions
IP Based Restrictions
Step 4: Public API Access
- Public APIs do not require authentication and can be accessed anonymously. However, you can configure the API in Restrict Access to Public APIs and force authentication.
- You can disable authentication through the plugin for specified APIs by adding them under Bypass API Authentication. However, default authentication might still be applicable.
Restrict Access to Public APIs
Bypass API from Authentication
Step 5: Global Settings
- The Enable REST API Authentication toggle ensures API authentication through the plugin. If disabled, the plugin will not be involved in API authentication.
- The Disable Basic Authentication toggle allows you to enforce authentication through the plugin. Basic authentication using username and password will be restricted.
- You can use the Plugin's OAuth 2.0 Tokens toggle to disable OAuth 2.0 tokens if not in use.
- The Allow PAT Tokens will allow users to use PAT tokens generated by Jira/Confluence to access the API. To restrict the use of PAT tokens and enforce authentication through the plugin you can disable the toggle.
- The Allow users to create Tokens toggle will allow all other users to generate tokens. If disabled, only admins will be able to generate tokens. However, if you have enabled Allow groups to generate tokens from group-based restrictions, you need to keep the toggle on.
Step 6: Rate Limiting
- Enable rate limiting to restrict the number of requests made by a token within the specified time frame.
- Then select the number of requests to be allowed and the time frame.
- This will enforce rate limiting on the API tokens generated through the plugin.
Step 7: Audit Logs
- You can Enable Audit Logs to log the activity with REST APIs. This will help you monitor the REST API access.
- You can also update the Scheduler settings that automatically delete logs after a specific number of days or entries.
Hi! Do you need help with this guide?
Thank you for your response. We will get back to you soon.
Something went wrong. Please submit your query again
Recommended Add-Ons
Jira SAML SSO
Jira SAML SSO application enables SSO for Jira Software and Jira Service Desk.
Know MoreJira OAuth SSO
Secure your Jira Service Management with OAuth/OpenID Connect SSO.
Know MoreTwo Factor Authentication
Enable 2FA/MFA for users & groups and let users configure 2FA during their first login.
Know MoreBulk User Management
Bulk Activate, De-activate and Delete inactive users and save the license for Jira.
Know MoreAdditional Resources
Our Other Apps:
SAML SSO Apps
|
OAuth Apps
|
Crowd Apps
|
2FA Apps
|
REST API Apps
|
User Sync Apps
|
Bulk User Management
|
Secure Share
|
Bitbucket Git Authentication App | Kerberos/NTLM Apps | Word/PDF Exporter | WebAuthn | SonarQube SSO | Jenkins SSO
Bitbucket Git Authentication App | Kerberos/NTLM Apps | Word/PDF Exporter | WebAuthn | SonarQube SSO | Jenkins SSO
If you don't find what you are looking for, please contact us at support-atlassian@miniorange.atlassian.net or raise a support ticket here.
×
![ADFS_sso]()