Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
- Maintainers
- 1
jira-oauth
Python library for Jira OAuth
RSA private and public key creations
- Create RSA private key and store it in file oauth.pem
$ openssl genrsa -out oauth.pem 1024
- Create RSA public key and store it in file oauth.pub
$ openssl rsa -in oauth.pem -pubout -out oauth.pub
- Share RSA public key oauth.pub with your Jira Admin, as they need it during Jira Application Link creation.
Jira Application Link Creation Steps
- Login as a Jira administrator
- Go to Application links section under Application area
- Enter dummy url (as oauth token used for API access and not web access) https://jira-oauth1-rest-api-access
- Click on Create new link button
- Click Continue on next screen
- Enter something like Jira OAuth1 REST API access as a Application Name
- Check Create incomindg link checkbox.
- Don't need to fill any other information. Click on Continue
- Now you should able to see new Application link with name Jira OAuth1 REST API access created and available under section Configure Application Links section
- Click on pencil icon to configure Incoming Authentication
- Enter jira-oauth1-rest-api-access (or any other appropriate string) as Consumer key
- Enter same string jira-oauth1-rest-api-access (or any other appropriate string) as Consumer Name
- Enter content of RSA public key (stored in file oauth.pub) as public key
- Click on Save
Prepare for OAuth Dance
Create starter_oauth.config in ~/.oauthconfig folder:
[oauth_config]
jira_url=https://jira.example.com
consumer_key=jira-oauth1-rest-api-access
test_jira_issue=IDEV-1
Perform Jira OAuth Dance
- Python Virtual Environment that we create earlier is active.
- Run jira-oauth.
- Authenticate in browser as directed below.
- After successful OAuth generation, you will get another set of values for oauth_token and oauth_token_secret. These are you tokens that you need to use access Jira without passing credentials.
$ jira-oauth
Request Token: oauth_token=6AOSSREyS9HaACqEcHjcD6RJVms2NjEr, oauth_token_secret=gnpJMfbgUyG8W4dKzFW4PKFbGttV2CWm
Go to the following link in your browser: https://jira.example.com/plugins/servlet/oauth/authorize?oauth_token=6AOSSREyS9HaACqEcHjcD6RJVms2NjEr
Have you authorized me? (y/n) y
Access Token: oauth_token=lmOh7LEdvZ2yxKIm5rdQY2ZfZqNdvUV4, oauth_token_secret=gnpJMfbgUyG8W4dKzFW4PKFbGttV2CWm
You may now access protected resources using the access tokens above.
Accessing IDEV-1 using generated OAuth tokens:
Success!
Issue key: IDEV-1, Summary: Internal Devepment Issue #1
Run with Docker
cp -R ~/.oauthconfig ./
docker build -t jira-oauth .
docker run -p 8080:8080 -it --rm jira-oauth
Credits
Thank you, Raju Kadam, for implementing https://github.com/rkadam/jira-oauth-generator
FAQs
Python library for Jira OAuth
We found that jira-oauth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
38% of CISOs Fear They’re Not Moving Fast Enough on AI
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
By Sarah Gooding - Feb 04, 2025
Research
Security News
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
By Kirill Boychenko - Feb 04, 2025