Does JWT-based authentication work for Jira web pages (not for REST API)?

We have a use case where we need to access information that is not currently available via the Jira Cloud REST API. As an alternative, we could scrape this from the Jira web UI, as the info is available in one of the Jira screens.

For this, we need to open up a browser programmatically and authenticate to Jira. During our experiments we tried various authentication techniques, including JWT.

It seems JWT-based authentication is not enabled for Jira web pages?! It is not documented anywhere whether it “will work” or “will not work”, but we couldn’t get this working.

Does anyone know if it is supposed to work? (Sample code eventually?)

@aron.gombas, no, JWT authentication can only be used with the REST API, and only for specifically whitelisted resources.

For each REST endpoint, you will se in the API documentation either “App scope required: …” or “Apps cannot access this REST resource”.

Have you raised a feature request for the missing API?

@epehrson Thanks for confirming!

I raised the feature request, yes. As it requires larger enhancements that probably will require adding multiple end-points, I don’t think that I will see this in the near future. But, the end-user request is there, so I am looking for workarounds.

Do you have any suggestion what authentication technique to use in the context of page scraping? Or is there a change to discuss those REST API additions, eventually?

I imagine cookie-based authentication is the only thing that might work, but even so, I doubt Atlassian would support it explicitly for scraping use cases.

Can you link the feature request here?

So basically we want to export dashboard pages, because this is the #1 most requested feature in the cloud version of our Better PDF Exporter app. (We have this feature in the Server/DC version and the end-users, of course, expect feature parity.)

See the feature request at: https://ecosystem.atlassian.net/browse/ACJIRA-1653

Also, if you by cookie-based authentication you meant the “cloud.session.token” thing, it is communicated as “deprecated” throughout the doc.

Note that we tried it, and it seems to work, but building on something that will be (is being) removed does not sound like a good idea.

Yes, cookie-based authentication seems to be deprecated along with Basic authentication in favor of API tokens. So if API tokens don’t work, I guess you’re out of luck for scraping.

If you have specific questions about that feature request, I would suggest you comment on it, and hopefully get the attention of a Jira PM.