search

gioboa / jira-plugin

Jira plugin for VsCode
https://marketplace.visualstudio.com/items?itemName=gioboa.jira-plugin
MIT License
265 stars 41 forks source link

Authenticating via password should be deprecated #148

Closed walidvb closed 4 years ago

walidvb commented 4 years ago

Describe the issue the plugin still offers password authentication, although JIRA responds with a deprecation error

Also, it would be good to explain how to generate an OAuth token within this plugin(or link to the relevant page): https://id.atlassian.com/manage-profile/security/api-tokens (found in #129 )

To Reproduce Steps to reproduce the behavior:

  1. Install plugin
  2. Run 'Setup Credentials'
  3. Add Url, email, and password
  4. See error in debug console

Expected behavior I cannot use password, considering it is not supported

Log

{"statusCode":401,"body":"Basic authentication with passwords is deprecated.  For more information, see: https://confluence.atlassian.com/cloud/deprecation-of-basic-authentication-with-passwords-for-jira-and-confluence-apis-972355348.html\n","headers":{"server":"AtlassianProxy/1.15.8.1","content-type":"text/plain","strict-transport-security":"max-age=315360000; includeSubDomains; preload","date":"Thu, 28 May 2020 16:36:43 GMT","atl-traceid":"a0dc5bb4e9asdebee08","x-xss-protection":"1; mode=block","transfer-encoding":"chunked","x-content-type-options":"nosniff","connection":"close","expect-ct":"report-uri=\"https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy\", enforce, max-age=86400"},"request":{"uri":{"protocol":"https:","slashes":true,"auth":null,"host":"my-project.atlassian.net","port":443,"hostname":"my-project.atlassian.net","hash":null,"search":null,"query":null,"pathname":"/rest/api/2/status","path":"/rest/api/2/status","href":"https://my-project.atlassian.net/rest/api/2/status"},"method":"GET","headers":{"authorization":"Basic somestringthatwasherebutshouldntbepublicmaybe=","accept":"application/json"}}}
gioboa commented 4 years ago

Hi @walidvb, if your Jira doesn't support basic authentication you can fill the password input with your user Jira token. Basic authentication is supported for old Jira versions. :+1:

walidvb commented 4 years ago

My bad, I figured this would be for all JIRA users. thanks for your time and attention (maybe a mention to the url to create OAuth would be useful anyways!) I'll let you close, as maintainer 🙏🏻

gioboa commented 4 years ago

Here I've mentioned about the token :+1: