How to use basic authentication to access the Jira REST API when SSO is configured? - jira-rest-api

The JIRA instance is configured to log in with SSO, but some clients only support basic auth (username and password). So how can I call the Jira API using Basic Authentication when the login method is SSO?

One way is to create a native user account directly in Jira instead of using an account from the SSO (and you can simply use Basic authentication).

Related

OAuth flow/protocol used when using SSO to access OKTA dashboard

When a user enters their company username and password on the OKTA login page of their company dashboard so he/she can get access to apps on the OKTA dashboard as shown below:
What OAuth flow/protocol is used? Is this an authentication code flow with PKCE that returns an identity token that is later sent to the OKTA dashboard backend?
Thanks
It's an OIDC app, which uses the authorization_code flow with PKCE. You can inspect your network tab while logging in to find the following request: https://redacted.oktapreview.com/oauth2/v1/authorize?client_id=redacted&code_challenge=GpFYQtoQXn1S1NtDJCZGTIQ8x0LSazjZJzE4KQvwPM0&code_challenge_method=S256&nonce=KLn05YhdZ87nJ4Jpbrxauo4oJQeaSV8ZLIVlBeiJT6eQSnvhuun6hvSYbE3E3dBr&redirect_uri=https%3A%2F%2Fredacted.oktapreview.com%2Fenduser%2Fcallback&response_type=code&state=If1z2jR0yCJunv0oXdzlxxAAMIoyNFsVpAuXSjZnSW5tE7vMJIL8EQEBMWqZL8xN&scope=openid%20profile%20email%20okta.users.read.self%20okta.users.manage.self%20okta.internal.enduser.read%20okta.internal.enduser.manage which clearly supports my statement.
It could be either SAML or OIDC. If it is OIDC, it usually implements authorization code flow with or without PKCE.
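The flow behind an authorize request like the one quoted above can be read from its query parameters. The following Python is an added example, not code from the posts or from Okta: it classifies such a URL and derives an S256 code_challenge as defined in RFC 7636. The host, client_id, state and nonce in the sample URL are constructed placeholders, and the function names are this example's own.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed sample: placeholder host, client_id, state and nonce; the
# code_challenge is the RFC 7636 Appendix B test vector.
SAMPLE_URL = (
    "https://idp.example.com/oauth2/v1/authorize?client_id=constructed-client"
    "&code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
    "&code_challenge_method=S256&nonce=constructed-nonce"
    "&redirect_uri=https%3A%2F%2Fidp.example.com%2Fenduser%2Fcallback"
    "&response_type=code&state=constructed-state&scope=openid%20profile%20email"
)


def new_verifier() -> str:
    """Random code_verifier: 32 bytes -> 43 URL-safe characters."""
    return secrets.token_urlsafe(32)


def s256_challenge(code_verifier: str) -> str:
    """RFC 7636 S256: base64url(SHA-256(verifier)) with '=' padding removed."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def classify_authorize_request(url: str) -> dict:
    """Name the flow an /authorize URL requests and list missing protections."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    types = set(q.get("response_type", "").split())
    if types == {"code"}:
        flow = "authorization_code"
    elif "code" in types:
        flow = "hybrid"
    elif types & {"token", "id_token"}:
        flow = "implicit"
    else:
        flow = "unknown"
    # RFC 7636: a challenge sent without a method defaults to "plain".
    pkce = q.get("code_challenge_method", "plain") if "code_challenge" in q else None
    findings = []
    if "code" in types and pkce is None:
        findings.append("no PKCE: code_challenge missing")
    if pkce == "plain":
        findings.append("PKCE method is plain, not S256")
    if "state" not in q:
        findings.append("state missing")
    if "id_token" in types and "nonce" not in q:
        findings.append("nonce missing")
    oidc = "openid" in q.get("scope", "").split()
    return {"flow": flow, "oidc": oidc, "pkce": pkce, "findings": findings}
```

An empty `findings` list together with `pkce == "S256"` matches what the first answer reads off the network tab; a SAML login would not produce an `/authorize` request of this shape at all.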

How to Login with Azure AD Single Sign-on account using JIRA API to perform JIRA actions

I'm trying to use the JIRA API for creating a story, task or bug in the JIRA tool, but the account needs to be logged in first to perform all operations. I have my Azure AD account used for JIRA login on the UI, but I'm unable to find a way to log in using the JIRA API. Community, please help here.
Jira's REST API can't use Azure credentials for authentication. Depending on whether you're connecting to Jira Cloud or Jira Server, it uses OAuth, keys and tokens, or usernames and passwords.
Refer to this Security overview page for all the methods supported.

What is the correct way to use Windows Authentication with OpenId (OpenIddict)?

I implemented OpenIddict with ASP.NET Identity as a separate auth server and I use the client credentials and password flows. I also have a web api project as the resource server.
The resource server is deployed in IIS and needs to authenticate domain users as well as end users. All controllers have the [Authorize] attribute and the actions have a custom authentication filter inheriting from ActionFilterAttribute with which I check for permissions against the db. The resource server has integrated windows authentication.
Currently at this stage of the development I cannot use ADFS or AAD.
Domain users access the resource server using a Winforms app in which they pass their network credentials. End users have websites and native apps and will/should use password flow to get an access token.
So, my question is:
Should I have an endpoint with [Authorize] in the auth server with which the domain users can authenticate with? In this case I would also need to use integrated windows authentication (which I'd rather like to avoid).
And once the domain user is authenticated, should I use the client credentials flow to acquire an access token? Domain users do not need to be saved in ASP.NET Identity. End users will use password flow.
Is this the correct way to handle both Windows Authentication and OpenId?

How to use Firebase Authentication with Okta?

I am currently using Firebase Authentication in my app using the built-in OIDC providers (Google, Facebook etc.). Is it possible to use Okta as an additional OIDC provider with minimal modifications to my app, meaning Okta should behave just like any other built-in provider? Firebase Auth apis, such as firebase.auth().currentUser and firebase.auth().onAuthStateChanged() should still work.
The doc page for Custom Authentication talks about getting a custom token from an auth server, but does not clarify if that's an OAuth access token. Is there an example of Okta integration or a generic OIDC integration that works seamlessly with Firebase auth?
There's no built-in Okta provider for Firebase Authentication, but if you have an existing authentication flow for it, it's fairly easy to integrate it into Firebase as a custom provider.
It's a 6-step process:
1. You gather the user credentials on the client.
2. You pass those credentials to a trusted environment, either a server you control, or Cloud Functions.
3. On the server you verify that the credentials are correct according to Okta, typically by calling a server-side API they provide with a key you provide.
4. You then use the results of that call to mint a new ID token for the user. This is a JWT, not an OAuth access token.
5. You pass back that ID token from the server to the client.
6. The client then calls firebase.auth().signInWithCustomToken(token) with the ID token, to sign in to Firebase Authentication.

WSO2 Identity Server: How to authenticate User?

I am using an in-memory DB for storing user details in WSO2 Identity Server. I created a couple of users via the UI and now I want to authenticate those users using some external application.
Is there any available WSO2 service which takes user credentials and authenticates based on the details provided? I saw a few articles where they mainly talk about User Stores. But there, I think, they directly connect to the DB to compare the credentials.
There are multiple ways to authenticate a user from Identity Server. The easiest way is to call the admin service (SOAP service) for authentication (RemoteUserStoreManagerService/authenticate). Or you can create an OAuth application inside the IS and use the resource owner grant type to pass the credentials and authenticate.
You can find admin service related information from here [1] and password grant related information from here [2].
Is there any available WSO2 service which takes User credentials and
authenticate based on the details provided?
I believe we've misused the Token API service ( /token with password OAuth profile) to request an OAuth code and the WSO2IS effectively validates the user's credentials.
I suggest your application stick to some authentication and authorization standards supported by the WSO2IS, such as OAuth 2.0 or SAML.