AtlassianPS
A PowerShell community for Atlassian products
A PowerShell community for Atlassian products
In order to authenticate with the Jira server, the user can provide the credentials with each command or create a session.
At present, there are two main methods of authenticating to Jira:
Be sure to set JIRA up to use HTTPS with a valid SSL certificate if you are concerned about security!
Each JiraPS function that queries a Jira instance provides
a -Credential parameter.
Simply pass your Jira credentials to this parameter.
$cred = Get-Credential 'powershell'
Get-JiraIssue TEST-01 -Credential $cred
HTTP basic authentication is not a secure form of authentication. It uses a Base64-encoded String of the format “username:password” and passes this string in clear text to Jira. Because decrypting this string and obtaining the username and password is trivial, the use of HTTPS is critical in any system that needs to remain secure.
API tokens (also called Private Access Token (PAT)) are tokens generated by the user for authenticating against the API of Jira Cloud server.
An API token can be used for authenticating JiraPS with the server in the same way as described in HTTP Basic. The difference is, that instead of providing the username and password for the account, the email address and the API token must be used.
As of December 1st 2018, Atlassian requires API authentication with Cloud Servers to always use API Tokens. More information in the Deprecation notice.
Some implementations of Jira Server (on-premise) might not be able to use HTTP Basic authentication method noted above when using API tokens. For this, you may need to create a new Jira session using New-JiraSession and pass a custom Authorization header.
More information on the API tokens and how to create one can be found at: https://confluence.atlassian.com/cloud/api-tokens-938839638.html
JiraPS automatically detects whether your Jira instance is Cloud or
Data Center/Server by calling the /serverInfo endpoint (see
Get-JiraServerInformation). This detection is cached for the session.
On Jira Cloud, JiraPS adapts its behavior:
accountId instead of username for user identification
(required since Atlassian’s GDPR changes removed usernames from Cloud)/rest/api/3/search/jql)
with token-based paginationNew-JiraSession is used, since cookie-based sessions
are deprecated on Cloud — use -Credential with individual commands insteadNo changes are required in your scripts. JiraPS selects the correct API behavior based on the detected deployment type.
Jira sessions still require HTTP Basic or API Token
Authentication once to create the connection.
But in this case a persistent session is saved as a WebRequestSession.
This is Powershell’s way of reusing the data provided with the first call.
Previously Jira allowed for the authentication to use a session token. This token did not contain the username and password. Unfortunately, this API can no longer be used in combination with this module.
To create a Jira session, you can use the New-JiraSession function:
$cred = Get-Credential 'powershell'
New-JiraSession -Credential $cred
Once you’ve created this session, you’re done! You don’t need to specify it when running other commands - JiraPS will manage this session internally.
The session is stored in the module’s runtime. This means that it will not be available in a new Powershell session or if the module is reloaded.
Some implementations of Jira Server (on-premise) might not be able to use the methods listed above of using HTTP Basic authentication by passing an email address and token to authenticate. In this case, you will need to create a session by passing the API Token as a bearer token in a custom Authorization header.
To create a session using the API Token as the bearer token, you can use the New-JiraSession function:
$personalAccessToken = "<your_token_here>"
$headers = @{ Authorization = "Bearer $($personalAccessToken)" }
New-JiraSession -Headers $headers
Jira does support use of OAuth, but JiraPS does not - yet. This is a to-do item.