asfaltboy
commented
8 years ago @dcramer any thoughts on this? I'd just like to say we've been using this without issues so far.
Closed asfaltboy closed 8 years ago
asfaltboy
commented
8 years ago @dcramer any thoughts on this? I'd just like to say we've been using this without issues so far.
dcramer
commented
8 years ago My concern would be when cookies expire. We're going to be moving towards OAuth as soon as time permits, which seems to be the most correct way to address this.
asfaltboy
commented
8 years ago Ye, this does seem like the logical step forward, though we could probably support any of the 3 methods if required. The python example and the docs make it look easy enough.
If you want, and time permits, I can submit a new PR for OAuth support. This feature would require at least adding a few dependencies (pycrypto/cryptography and python-oauth2) and a new db field/model for storing the access token.
edit gonna close this PR for sake of cleanliness.
This changes auth behavior to perform authentication with a POST and use the retrieved session cookie (the default in requests.Session), as explained in Jira's documentation.
This has some benefits over HTTP Basic/Digest Auth: * The credentials are not sent with every request * With session-cookies we can send requests to a JIRA server behind a firewall / auth. Specifically, without this, an HTTP proxy/server using auth may strip JIRA credentials prior to the request reaching the server, resulting in unauthenticated requests.
Implementation TODO list: