ljay79 / jira-tools

Project Aid for Jira - Google Spreadsheet Add-on for Jira Integration
GNU General Public License v3.0

401 unauthorized error even though API token successful #248

Open almostfamous09 opened 4 years ago

almostfamous09 commented 4 years ago

Provide a general summary of the issue in the Title above

My colleagues are able to refresh an existing table but my refresh button does not do anything. Tried to create a fresh table and received a 401 unauthorized error and am unable to create.

Provide a more detailed information of the issue

Steps to reproduce

Provide Debugging information

For further investigation, please activate Debugging in the "About" dialog, provide us with your "Temp. User Key" and then perform at least one more try. This way it will log the error and debug information to the project owner's StackDriver logging account, where we can analyze it better.

Note: User credentials are not transmitted in any log data.

Temp user key: AI3kGSge9aZxGoHCP/bjiBa/suZLxdUvo2CkqYsf0D9oZM7lX2HNRZDojFBkRDh/1SqnSEMI1mGc

Steps to reproduce

Provide a set of unambiguous steps to reproduce this bug, include code if relevant

  1. Open Google Sheets > Add-Ons > Project Aid for JIRA > Settings
  2. Used proper JIRA link, username and API token.
  3. Creating a new issue table --> Receiving a 401 Unauthorized error on

Also not able to refresh an existing table my colleague set up. API token set up said successful and Jira API is active and refresh seems accurate.

Expected result

Tell us what should happen

  1. refresh data table

Actual result

Tell us what happens instead

  1. Click refresh nothing happens
  2. Create new issue table --> 401 error

[Screenshot: Screen Shot 2020-04-14 at 2 37 44 PM]

ljay79 commented 4 years ago

Hi @almostfamous09, as the screenshot indicates, apparently your account / user is not allowed to retrieve the filters from your Jira instance. I would suggest getting in touch with your admin to check your user's permissions.

BTW: The logs indicate the same on my end:

https://vydia.atlassian.net/rest/api/2/filter/my?includeFavourites=true

The selected filter is not available to you, perhaps it has been deleted or had its permissions changed.

almostfamous09 commented 4 years ago

Hi @ljay79 - This is what I assume as well, however I am the admin and my permissions are exactly the same as the PM that set up this filter. It works for the other PMs on the team. Filter permissions seem to be at the project level and we only have one project so this should work. I can see the filter but I cannot refresh the connected table / sheet.

ljay79 commented 4 years ago

In Jira itself, can you see and access the filter in question?

almostfamous09 commented 4 years ago

Yes I can see it and have it starred

[Screenshot: Screen Shot 2020-04-21 at 10 48 35 AM]

ljay79 commented 4 years ago

Strange. Can you create a completely new spreadsheet and try to insert a new IssueTable? Maybe even try a new, very basic filter.

Just to eliminate a few possibilities of root cause.

almostfamous09 commented 4 years ago

I created a brand new sheet and selected to "Create Issue Table from Filter" and before I could even make a selection I get that red error bar "No filters available!Failed to retrieve jira filters with status [401]!\nUnauthorized" even though my token is connected successfully and refreshes in Jira.

In addition to the favorite filter colleague made, I created my own filter to see if that would resolve the issue. However, even as the creator/owner of a filter this error still occurs.

Any other ideas?

Thanks

ljay79 commented 4 years ago

What happens when you access (via menu) the "Configure Custom fields" and/or "Show Jira field map"?

ljay79 commented 4 years ago

BTW: Could you please provide me with your new Temp user key.

almostfamous09 commented 4 years ago

Temp Key: ALEt7zSqBsLalUhwlo/4/QLg/lqhqBcLy7NhkJo2BOY0wysoEpDuvDVnsy/eCAENQ7aBcn0KjrPX

Here's what configure custom fields looks like:

[Screenshot: Screen Shot 2020-04-23 at 10 27 47 AM]

ljay79 commented 4 years ago

Are you using email + token or username + token for your credentials?

ljay79 commented 4 years ago

Please try to perform the following in a terminal/console window on your workstation:

Replace "emailAddress" and "apiToken" with your own values.

Jira server:

curl -u emailAddress:apiToken -X GET -H "Content-Type: application/json" https://vydia.atlassian.net/rest/api/2/filter/favourite

Jira cloud:

curl -u emailAddress:apiToken -X GET -H "Content-Type: application/json" https://vydia.atlassian.net/rest/api/2/filter/my

Let me know what the response is...

ljay79 commented 4 years ago

@almostfamous09 any news on this? As it affects your filters and custom fields, I believe it is something related to permissions / authentication.

gewuerzgurke84 commented 3 years ago

Hello together,

I've just checked the source code and found the authentication always uses HTTP Basic Authentication https://github.com/ljay79/jira-tools/blob/2616e9a75629bca3a9409e19e16bc9f7d61bb7b9/src/jiraApi.gs#L101

If one would like to use personalized API tokens instead of original username/password from JIRA then Bearer Authentication seems to be required (see https://confluence.atlassian.com/enterprise/using-personal-access-tokens-1026032365.html)

We really found this Addon very useful but cannot provide user/pass due to security guidelines. Using an API token for that purpose would work for us. Any chance to implement:

  1. Selection on the configuration panel to select between user/pass vs user/token authentication
  2. Change authentication-type depending on user config

Thanks & Best Regards, Alex

gewuerzgurke84 commented 3 years ago

Hi @ljay79 , any chance the mentioned improvement could be implemented? Let me know if you need further information. Thx & BR, Alex

ljay79 commented 3 years ago

Hi @gewuerzgurke84 sry for my late reply. Actually the add-on does support personalized Token to be used instead of password and is actually recommending it. Please check the readme: https://github.com/ljay79/jira-tools#b-atlassian-api-token

Did you try that already?

gewuerzgurke84 commented 3 years ago

Hi @ljay79,

I think you're referring to the API-Tokens which are implemented on Jira Cloud. We run Jira instances on-premise (server/dc edition) which provide so-called "Personal Access Token" in recent versions (see https://jira.atlassian.com/browse/JRASERVER-67869). These personal access tokens do not have username/password using Basic-Auth but use a bearer token:

curl -X GET -H "Authorization: Bearer $mySecureToken" https://myJiraHost/myRestCall

Thx & BR, Alex

ljay79 commented 3 years ago

You are right, I understand now. "API Token" vs. "Personal Access Token". The thing is, it appears to me a quite trivial feature change, however I do not have any Jira Server to test anything with.

Would you be able to temporarily set up a test user on your system so I might be able to integrate such a feature and test it properly?

gewuerzgurke84 commented 3 years ago

Sure, we can do this. Maybe you could provide an email address/telegram/whatever you prefer, so I can drop you the link, username, password?

ljay79 commented 3 years ago

@gewuerzgurke84 please check it out. Release v1.4.9 is now published supporting "Personal Access Token" for Bearer authentication.

gewuerzgurke84 commented 3 years ago

Cool, thanks a lot for the release. I've just tested it and it works really good. One trivial issue I've found is that there is no error message if you try a wrong personal access token. Only in case the token is valid a success message shows up...

ljay79 commented 3 years ago

Yeah, I will need to see if this is specific to your server or a general issue. The API is responding with Status 200 and a fancy HTML page instead of authorization error or similar :(

curl -X GET -I \
    -H "Authorization: Bearer asasas" \
    -H "Accept: application/json" \
    -H "Content-Type: application/json" \
    https://myJiraHost/myRestCall

emilyakavor commented 1 year ago

> Yeah, I will need to see if this is specific to your server or a general issue. The API is responding with Status 200 and a fancy HTML page instead of authorization error or similar :(
>
> curl -X GET -I \
>   -H "Authorization: Bearer asasas" \
>   -H "Accept: application/json" \
>   -H "Content-Type: application/json" \
>   https://myJiraHost/myRestCall

Getting the same behavior for confluence server REST API. Wrong token returns 200 with a proper json response looking like this {"results":[],"start":0,"limit":25,"size":0,"_links":{"self":"http://confluence.example.com/rest/api/space","base":"http://confluence.example.com","context":""}}
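
The two schemes discussed in this thread (Basic for username plus password or Cloud API token, Bearer for a Server/DC Personal Access Token) and the false-success case from the last comments, as an added JavaScript example that is not the add-on's own code. It assumes the credential check is made against `/rest/api/2/myself`; the function names and the sample responses are constructed for illustration.

```javascript
// Added example: buildAuthHeader and classifyAuthCheck are hypothetical names.

// Passwords and Jira Cloud API tokens go in Basic auth; Server/DC Personal
// Access Tokens go in a Bearer header (the two cases from the thread).
function buildAuthHeader(cfg) {
  if (cfg.type === 'pat') return 'Bearer ' + cfg.token;
  // Node's Buffer is used here; in Apps Script use Utilities.base64Encode.
  return 'Basic ' + Buffer.from(cfg.user + ':' + cfg.token, 'utf8').toString('base64');
}

// Decide whether a response to GET <base>/rest/api/2/myself proves that the
// credential was accepted. A 200 status alone is not enough.
// Assumption: header names in res.headers are already lower-cased.
function classifyAuthCheck(res) {
  const ctype = String(res.headers['content-type'] || '').toLowerCase();
  if (res.status === 401 || res.status === 403) return 'rejected';
  if (res.status !== 200) return 'error';
  // 200 with an HTML page (login or landing page) is not an API answer.
  if (!ctype.startsWith('application/json')) return 'rejected';
  let body;
  try { body = JSON.parse(res.body); } catch (e) { return 'rejected'; }
  // An authenticated /myself reply identifies the caller: "name" on
  // Server/DC, "accountId" on Cloud. Valid JSON without either is anonymous.
  const who = body && (body.accountId || body.name);
  return typeof who === 'string' && who.length > 0 ? 'accepted' : 'rejected';
}

// Constructed sample responses (not captured from a real server).
const SAMPLES = {
  htmlOn200: { status: 200, headers: { 'content-type': 'text/html;charset=UTF-8' },
               body: '<html><body>Log in</body></html>' },
  emptyJson: { status: 200, headers: { 'content-type': 'application/json' },
               body: '{"results":[],"start":0,"limit":25,"size":0}' },
  unauthorized: { status: 401, headers: { 'content-type': 'text/html' },
                  body: 'Unauthorized' },
  validServer: { status: 200, headers: { 'content-type': 'application/json;charset=UTF-8' },
                 body: '{"name":"alex","active":true}' },
};

function runSamples() {
  const out = {};
  for (const k of Object.keys(SAMPLES)) out[k] = classifyAuthCheck(SAMPLES[k]);
  return out;
}

console.log(buildAuthHeader({ type: 'pat', token: 'EXAMPLE' }), runSamples());
```

A settings dialog that reports success only on `accepted` shows an error for a wrong Personal Access Token even when the server answers 200.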