How to create access token for JIRA Rest API? Of relevant data I have
User key
Private/public key combo
Jira's Rest API Oauth example assumes 3-legged approach, and is very unclear on what the actual parameters to send are (I wish Swagger is more widely used standard!).
In more detail, I have following use-case:
When creating new employee in Web Forms (ASPX) portal application I need to create new JIRA account and assign it to project (and role inside the project).
As such I would like to use OAuth2 2-legged authentication to accomplish this. I can probably hack it with Basic Authentication, but I would really like to do it properly.
Problem arises when trying to find code examples that use this approach. .NET examples are really scarce, and even examples in other languages usually use Basic Authentication (username and password transmitted on each call) or few that use 3-legged approach.
I found AnotherJiraRestClient but looking at the code it's using RestClient nuget (this is good) but with HttpBasicAuthenticator (this is bad).
I went through all Authenticators that are on offer and OAuth2AuthorizationRequestHeaderAuthenticator looks promising but it requires me to already have access token. So that is why the question in the end is "How to create access token, using 2-legged approach?"
I already created application link on JIRA's side with this settings:
Application Type: Generic Application
Outgoing Authentication: (gives 500 server error on Jira's side... but don't think it matters as I am not using it)
Incoming Authentication: OAuth
Status: Configured
Consumer Key: TEST_JIRA_KEY
Public Key: ... (generated online private/public key combo)
Atlassian currently doesn't support OAuth 2.0, but only 1.0(a).
There is a feature request for this: https://jira.atlassian.com/browse/JRA-43171
I have made an Open Source Jira client in C#, >=.NET 4.5 and fully async (with proxy support), which is available on GitHub and as a NuGet Package. See: https://github.com/dapplo/Dapplo.Jira
Today I added OAuth 1.0a support, which I got working and use the information here for testing:
https://bitbucket.org/atlassian_tutorial/atlassian-oauth-examples/src/d625161454d1?at=default
I used the public key from that repository to setup a test link on my Jira Cloud server, and use the private key in my test case.
The code for testing is here (it's commented out, as the OAuth process opens a browser, which is bad on the test-server)
https://github.com/dapplo/Dapplo.Jira/blob/master/Dapplo.Jira.Tests/JiraOAuthTests.cs
I am still looking at a way to make the certificate/private key reading easier, but in a way this is not the job for the library itself...
If there are any questions, I guess issues on GitHub are the best way to communicate.
Related
I am using the Docusign Authorization Code example (https://github.com/docusign/code-examples-csharp) to create a C# application connected to Docusign (which is already configured with our Single Sign On).
I also have another Azure App Registration to invoke my Custom API from Azure and I need to successfully get a token to invoke it.
I have successfully used MSAL javascript to invoke the custom API.
However, I am not sure if this is the safest or should i go with MSAL.NET (to do everything server side).
Anyone got ideas how to incorporate this additional MSAL.Net auth to my existing Docusign based C# code.
Thanks in advance !
I think both MSAL js, and MASL.NET are secure, but there are some limitations to what you can do with the former. If all you need is a token to invoke an API - you should be good, but Microsoft support more things that you may need the server side code for.
This article has a table that tells you all the different authentication flows Microsoft supports, and the different features each of them supports.
I have a c#-based program that can send messages and files to our SlackWorkspace via my SlackApp (I'm using HttpClient to communicate with Slack).
Now, to distribute this program in my workspace and to make it so that every user will have his own identity, it says that I have to use OAuth and create verification-tokens, specific for each user.
It says in the Slack-documentation I have to use a redirect-URL (as per docs) to my own server.
We have a server that I potentially could use for this. But I have never done anything like this before and I am unclear on what "answer" I have to provide from our server. I thought the verification-process would be handled by Slack.
Anyone has an idea on how to approach this?
And before anyone asks - yes we need to install it for everyone and make them identifiable as themselves. We can't use the "SlackApp" as user. :)
I would be very grateful for code examples(in c#) and explanations on how this whole redirect-thing is working.
Slack uses the standard Oauth 2.0 protocol to authenticate apps, similar to Google and Facebook.
So the "verification-process" is indeed mostly handled by Slack (as outlined here), but your Slack app needs to initiate it and handle the responses properly. Also its a multi-step process and includes the user having to login into Slack with their credentials. This why you need a web app to handle the whole process.
To enable a Slack app to generate tokens via Oauth a web app is needed:
can be reached from the Internet
able to handle HTTP requests like a web server
has persistent storage for the newly generated tokens
This is probably easier to implement with ASP.NET Web Pages, which can utilize many functions from an existing web server.
But for this answer, lets look on an implementation in .NET Core. For that we need to create our own web server and some rudimentary session handling. Main concepts include:
HttpListener class for providing fundamental ability to listen and respond to HTTP requests
Handle multiple requests in parallel
Cookies / Session handling
MD5 hashes
The details go a bit beyond the scope of one answer. But I am happy to share a working example implementation on this GitHubGist.
Btw: For the local development of such a web app its recommend to use a VPN tunnel like ngrok, that allows one to expose a local machine securely to the Internet and Slack.
I read the OneNote Api Documentation https://dev.onenote.com/docs
But I don´t understand how to make a request to the OneNote API with c# web application in order to get all the pages in my OneNote.
I already got the Application Id, Application Secret Id and Redirect URL, but i don´t know where do I have to use them, because I have never done and http request and the documentation only provide the following: https://www.onenote.com/api/v1.0/me/notes/pages, so I don´t know how to send the id´s, redirect url and Authorization: Bearer.
Could you provide me the specific code to get a successful connection to OneNote API using Application Id, Application Secret Id and Redirect URL.
And the code structure to make a http request in order to get all the pages, notebooks, etc
I would appreciate if you could help me with this.
I would recommend using Microsoft Graph instead of the standalone OneNote API. Microsoft Graph includes support for OneNote. There is also an SDK for .NET available. There are also code samples for ASP.NET, UWP and Xamarin.
Before you can use the Graph API (or most any REST API for that matter), you will need to obtain an authorization token (i.e. the bearer token you referred to in your question). There are libraries available for simplifying this process. Behind the scenes, these libraries are executing an OAUTH 2.0 flow. You can read about what is going on under the covers here.
I believe the link they have on the OneNote Dev page is broken. The team has put together a public repository that contains a bunch of sample code in a myriad of languages including C#.
This is the main repo
Web API (ASP.NET Core) Repo
I believe the easiest way to understand these concepts is to look at sample code that does authentication. I recommend this sample:
https://github.com/OneNoteDev/MsGraph_OneNoteApiSampleAspNetCore
Btw - the demo is here: https://onenoteapisamplegraph.azurewebsites.net
Thank you everyone I have Checked all the links that you provided me and they were very useful, I did a connection to Microsoft Graph with the authorization token and I got access to my OneNote pages.
Thank you for your help.
We have a whole bunch of clients that want us to start using their ADFS to allow their users into our web app using Single-Sign-On.
After reading up on WIF (which seemed to be the solution at first but is deprecated in VS 2013...), OWIN, oAuth, OpenID Connect, I'm completely confused as to the simplest way to implement SSO.
What is the best and simplest technology to use to implement SSO on an existing VS 2013 json restful service written in C#?
Ideally the technology would already be part of .NET.
Are there any code samples or tutorials out there for this scenario?
assuming that you want to consume your service from native clients, I would recommend that you protect your service using Web API middleware (which was already supported via OWIN middleware in VS2013) and implement your clients using the ADAL library. For a post specifically on ADAL and ADFS, see this. For more details on the Web API side of the solution, see this. If you want to target a variety of client platforms, you can find a complete collection of samples (for Azure AD, but easy to modify for ADFS) here.
This can be implemented through WSO2 IS as Relying Party in ADFS. When we will implement this setup the outcome/Income claims will be main source for User Profile load to WSO2IS for authentication and pass the SAML Response to SP(End URL of your application).
Refer the below links to configure WSO2 IS as relying party for ADFS and WSO2 IS configuration too.
https://omindu.wordpress.com/2015/06/19/setting-ad-fs-3-0-as-federated-authenticator-in-wso2-identity-server/
SSO would mean its Active Directory driven, or direct to IIS machine.config authentication instead of a web.config, but also considering the "simplest technology" you've mentioned, then this must be a call for something simple yet you can transform into what you really desire.
With this, we can refer to token-based web services authentication.
Here's a sample project from which I started and able to transform into something else. From here I think you can then change all authentications into AD or DB connect, or even both across your web services.
http://www.codeproject.com/Articles/9348/Web-Service-Authentication?fid=145460&df=90&mpp=25&prof=False&sort=Position&view=Normal&spc=Relaxed&fr=26#xx0xx
hopefully this would help.
Is there any open source libraries for creating http based authentication like flickr and remember the milk?
http://openid.net/ is nice for public facing sites. Same sort of thing stackoverflow uses.
Otherwise it'll depend on your web development framework.
You'll be signing requests. Any OpenID or OAuth library will have code which does that - if not a separate library, something you can rip out, even though you're not using the protocol flow.
Alternately, there's demo code for Amazon AWS clients in their developer docs which also signs requests with API keys and timestamps. It's the same process on the client or server side - comparing a hash with the original - so you'll probably just have to translate their request model to whatever your framework uses.
Neither of these are exactly what you're asking for, but it's a start.