Added documentation for authenticating with PAT #322

Merged
merged 2 commits into from
Dec 12, 2018
63 changes: 48 additions & 15 deletions docs/en-US/about_JiraPS_Authentication.md
@@ -11,35 +11,65 @@ permalink: /docs/JiraPS/about/authentication.html

# SHORT DESCRIPTION

In order to authenticate with the Jira server, the user can provide the credentials with each command or create a session.
In order to authenticate with the Jira server, the user can provide the
credentials with each command or create a session.

# LONG DESCRIPTION

At present, there are two main methods of authenticating to Jira:

* HTTP basic authentication
* session-based authentication, which uses HTTP basic authentication once and preserves a session cookie.
* session-based authentication,
which uses HTTP basic authentication once and preserves a session cookie.

> Be sure to set JIRA up to use HTTPS with a valid SSL certificate if you are concerned about security!
> Be sure to set JIRA up to use HTTPS with a valid SSL certificate if you are
> concerned about security!

## HTTP Basic

Each JiraPS function that queries a Jira instance provides a `-Credential` parameter. Simply pass your Jira credentials to this parameter.
Each JiraPS function that queries a Jira instance provides
a `-Credential` parameter.
Simply pass your Jira credentials to this parameter.

```powershell
$cred = Get-Credential 'powershell'
Get-JiraIssue TEST-01 -Credential $cred
```

> HTTP basic authentication is not a secure form of authentication. It uses a Base64-encoded String of the format "username:password", and passes this string in clear text to Jira. Because decrypting this string and obtaining the username and password is trivial, the use of HTTPS is critical in any system that needs to remain secure.
> HTTP basic authentication is not a secure form of authentication.
> It uses a Base64-encoded String of the format "username:password"
> and passes this string in clear text to Jira. Because decrypting this
> string and obtaining the username and password is trivial,
> the use of HTTPS is critical in any system that needs to remain secure.

## API Token

API tokens (also called Private Access Token (PAT)) are tokens generated
by the user. This token is necessary when the user has a two-step verification
activated for his account.

An API token can be used for authenticating JiraPS with the server
in the same way as described in [HTTP Basic](#http-basic).
The only difference is, that instead of providing the password for the account,
the API token must be used.

> As of December 1st 2018, Atlassian requires API authentication
> with **Cloud Servers** to **always** use API Tokens.
> More information in the [Deprecation notice](https://developer.atlassian.com/cloud/jira/platform/deprecation-notice-basic-auth-and-cookie-based-auth/).

_More information on the API tokens and how to create one can be found at:_
_<https://confluence.atlassian.com/cloud/api-tokens-938839638.html>_

## Sessions

Jira sessions still require HTTP Basic Authentication once to create the connection.
But in this case a persistent session is saved as a `WebRequestSession`. This is Powershell's way of reusing the data provided with the first call.
Jira sessions still require [HTTP Basic](#http-basic) or [API Token](#api-token)
Authentication once to create the connection.
But in this case a persistent session is saved as a `WebRequestSession`.
This is Powershell's way of reusing the data provided with the first call.

> Previously Jira allowed for the authentication to use a session token. This token did not contain the username and password.
> But unfortunately, this API can no longer be used in combination with this module.
> Previously Jira allowed for the authentication to use a session token.
> This token did not contain the username and password.
> Unfortunately, this API can no longer be used in combination with this module.

To create a Jira session, you can use the New-JiraSession function:
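
Review bot: In the new "API Token" section, the text says the token is used "in the same way as described in HTTP Basic", but it never states that the warning under HTTP Basic therefore applies to the token as well: the token takes the place of the password in the Base64 "username:password" string, so without HTTPS it is just as readable on the wire. Suggest adding one sentence saying so, plus a short example showing the token entered at the password prompt of `Get-Credential`. Smaller points in the same hunk: PAT normally expands to "Personal Access Token", not "Private Access Token"; "for his account" could be "for their account"; the first paragraph says the token is necessary when two-step verification is active while the note below says Cloud servers always require it, so the two statements should be reconciled; and since the HTTP Basic note is being rewrapped anyway, "decrypting this string" should read "decoding this string", because Base64 is an encoding and not encryption.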

@@ -48,17 +78,20 @@ $cred = Get-Credential 'powershell'
New-JiraSession -Credential $cred
```

Once you've created this session, you're done! You don't need to specify it when running other commands - JiraPS will manage this session internally.
Once you've created this session, you're done!
You don't need to specify it when running other commands - JiraPS will
manage this session internally.

The session is stored in the module's runtime.
This means that it will not be available in a new Powershell session or if the module is reloaded.
This means that it will not be available in a new Powershell session
or if the module is reloaded.

## What About OAuth?
## What About OAuth

Jira does support use of OAuth, but JiraPS does not yet.
Jira does support use of OAuth, but JiraPS does not - yet.
This is a to-do item.

# SEE ALSO

- [Wikipedia's "Basic Access Authentication"](https://en.wikipedia.org/wiki/Basic_access_authentication)
- [Implement OAuth for JiraPS](https://github.com/AtlassianPS/JiraPS/issues/101)
* [Wikipedia's "Basic Access Authentication"](https://en.wikipedia.org/wiki/Basic_access_authentication)
* [Implement OAuth for JiraPS](https://github.com/AtlassianPS/JiraPS/issues/101)
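
Review bot: In the rewrapped session paragraph ("The session is stored in the module's runtime."), the documentation still does not say how a user can end the session before closing PowerShell or reloading the module, which matters more now that a session can be created from an API token; suggest adding a sentence that covers it, or stating plainly that those two events are the only way. Also in this hunk: "Powershell" should be capitalised as "PowerShell", and "JiraPS does not - yet." reads better as "does not yet" or with a comma than with a spaced hyphen.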