Don't allow username/password auth #34

justaugustus · 2022-12-25T02:38:19Z

No description provided.

lgecse · 2023-08-07T08:19:29Z

@justaugustus What we do now is username + APIToken basic auth. Should we remove this capability completely from the tool?

My recommendation is to keep it in the tool, but rename the config at least from jira-password to jira-apitoken. We are not allowing already to use the tool with jira username and password line 107 in jira.go

rappizs · 2023-08-07T11:21:45Z

Should we remove this capability completely from the tool?

I don't know how we could remove this auth method since other than this Jira only supports OAuth, which although is more secure, isn't really useful if we want to run the tool in an automatised way.

At the moment we support this basic auth (Basic auth for REST APIs) and OAuth 1.0a which is deprecated and should be replaced, see #31 (OAuth 1.0a for REST APIs (Legacy)).

I agree with @lgecse that we should keep this method and rename the jira-pass config value, since it's not really a password but an API token.

justaugustus added the bug Something isn't working label Dec 25, 2022

justaugustus mentioned this issue Dec 25, 2022

Initial TODOs #5

Open

8 tasks

justaugustus added this to the v0.1.0 milestone Dec 25, 2022

justaugustus mentioned this issue Aug 3, 2023

Default to dry-run operations #148

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Don't allow username/password auth #34

Don't allow username/password auth #34

justaugustus commented Dec 25, 2022

lgecse commented Aug 7, 2023 •

edited

Loading

rappizs commented Aug 7, 2023

Don't allow username/password auth #34

Don't allow username/password auth #34

Comments

justaugustus commented Dec 25, 2022

lgecse commented Aug 7, 2023 • edited Loading

rappizs commented Aug 7, 2023

lgecse commented Aug 7, 2023 •

edited

Loading