New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

jira-oauth

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

jira-oauth

Python library for Jira OAuth

0.1.12
PyPI
Maintainers
1

jira-oauth

License PyPI - Python Version PyPI

Python library for Jira OAuth

RSA private and public key creations

  • Create RSA private key and store it in file oauth.pem
$ openssl genrsa -out oauth.pem 1024
  • Create RSA public key and store it in file oauth.pub
$ openssl rsa -in oauth.pem -pubout -out oauth.pub
  • Share RSA public key oauth.pub with your Jira Admin, as they need it during Jira Application Link creation.

Jira Application Link Creation Steps

  • Login as a Jira administrator
  • Go to Application links section under Application area
  • Enter dummy url (as oauth token used for API access and not web access) https://jira-oauth1-rest-api-access
  • Click on Create new link button
  • Click Continue on next screen
  • Enter something like Jira OAuth1 REST API access as a Application Name
  • Check Create incomindg link checkbox.
  • Don't need to fill any other information. Click on Continue
  • Now you should able to see new Application link with name Jira OAuth1 REST API access created and available under section Configure Application Links section
  • Click on pencil icon to configure Incoming Authentication
    • Enter jira-oauth1-rest-api-access (or any other appropriate string) as Consumer key
    • Enter same string jira-oauth1-rest-api-access (or any other appropriate string) as Consumer Name
    • Enter content of RSA public key (stored in file oauth.pub) as public key
    • Click on Save

Prepare for OAuth Dance

Create starter_oauth.config in ~/.oauthconfig folder:

[oauth_config]
jira_url=https://jira.example.com
consumer_key=jira-oauth1-rest-api-access
test_jira_issue=IDEV-1

Perform Jira OAuth Dance

  • Python Virtual Environment that we create earlier is active.
  • Run jira-oauth.
  • Authenticate in browser as directed below.
  • After successful OAuth generation, you will get another set of values for oauth_token and oauth_token_secret. These are you tokens that you need to use access Jira without passing credentials.
$ jira-oauth
Request Token: oauth_token=6AOSSREyS9HaACqEcHjcD6RJVms2NjEr, oauth_token_secret=gnpJMfbgUyG8W4dKzFW4PKFbGttV2CWm

Go to the following link in your browser: https://jira.example.com/plugins/servlet/oauth/authorize?oauth_token=6AOSSREyS9HaACqEcHjcD6RJVms2NjEr
Have you authorized me? (y/n) y

Access Token: oauth_token=lmOh7LEdvZ2yxKIm5rdQY2ZfZqNdvUV4, oauth_token_secret=gnpJMfbgUyG8W4dKzFW4PKFbGttV2CWm
You may now access protected resources using the access tokens above.

Accessing IDEV-1 using generated OAuth tokens:
Success!
Issue key: IDEV-1, Summary: Internal Devepment Issue #1

Run with Docker

cp -R ~/.oauthconfig ./
docker build -t jira-oauth .
docker run -p 8080:8080 -it --rm jira-oauth

Credits

Thank you, Raju Kadam, for implementing https://github.com/rkadam/jira-oauth-generator

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

NVD Quietly Sweeps 100K+ CVEs Into a “Deferred” Black Hole

Security News

NVD Quietly Sweeps 100K+ CVEs Into a “Deferred” Black Hole

NVD now marks all pre-2018 CVEs as "Deferred," signaling it will no longer enrich older vulnerabilities, further eroding trust in its data.

By Sarah Gooding  -  Apr 04, 2025