Help with JIRA Oauth PHP

Dear Atlassian community,

I am trying to figure out how to make a successful connection between my web application (locally on my company’s network) and JIRA through Oauth authentication. I created an application link using the following keys:

Consumer Key: dpf43f3p2l4k3l03

Public Key: the one given at:
https://developer.atlassian.com/jiradev/jira-apis/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-oauth-authentication?_ga=2.158496698.125580156.1503937336-908165507.14985088

The next steps, however, are a little muddy for me. I downloaded the sample php folder from Atlassian at this link:
https://bitbucket.org/atlassian_tutorial/atlassian-oauth-examples

And I loaded that folder into my application. In the readme, it tells me to make “some changes to the config to point to your Jira instance”, and tells me to change these three lines:

$oauth = new Lemon\OAuth(‘http://localhost:8181/’);
$oauth->setPrivateKey(’/Users/stan/Sites/ssl/myrsakey.pem’)
->setConsumerKey(‘1234567890’)

“In the first line you’ll want to change this to your Jira install.
In the second line you’ll want to change this to the path of your private key
In the third line you’ll want to put whatever you labeled as your “consumer key”.”

I am having trouble finding any of these three lines, or any config file, anywhere in the php folder given to me by Atlassian. I also don’t get what they mean by saying that I should “point my web browser” to the “web” folder and click to authenticate. Can anyone point me in the right direction? This is my first time doing any kind of complex Oauth authentication work, and I am unsure of how to move forward. I simply want to add a feature to my website to automate ticket creation.

Thank you,
Kevin Yin

Hi @kevin.yin,

These lines below can be found in web/index.php, lines 13-15

$oauth = new Lemon\OAuth(‘http://localhost:8181/’);
$oauth->setPrivateKey(’/Users/stan/Sites/ssl/myrsakey.pem’)
->setConsumerKey(‘1234567890’)

As for pointing the browser to the ‘web’ folder; I believe this refers to the ‘web’ directory/folder of the web server you’re using. Usually, when you have a local web server the root /web can be accessed via http://localhost:{port}, which means accessing the index.php (where the three lines are) is via http://localhost:{port}/index.php.

Cheers!
Ian

After configuring the index.php file, I was finally able to access the “web” folder. All I see are two links: Click here to reset the session, and Click Here to Authenticate with Jira.

However, when I click them, it just leads me to files that don’t exist. In my “web” folder there are only two files, index.php and .htaccess. When I click on the links it tries to lead me to “mywebsiteroot/web/connect” and “mywebsiteroot/web/reset”, both of which don’t exist. This seems to be the product of the function:

href="{{app.url_generator.generate(‘connect’)}}"

What am I doing wrong? What is the app.url_generator doing here?

I tried the tutorial and was able to make it work.

I followed the steps with little extra on my local machine:

  1. Setup my apache server. This tutorial works great.
  2. I copied the contents of my cloned /php inside ~/Sites
  3. From the generated myrsacert.pem, generate a public key by calling openssl x509 -pubkey -noout -in myrsacert.pem > pubkey.pem
  4. In JIRA’s Configure Application Links, edit your already created applinks. Go to Incoming Authentication and use the contents of the pubkey.pem to key in the Public Key field.

I then went to index.php then click Click here to authenticate with Jira, and works like the screen shot below.

Hope this helps.

1 Like

Hey Iraguado, thank you for your response. I tried it out, but it appears to still not work. Here is what happens when I redirect my application to the “web” folder:

That’s all that shows up. I don’t see any credentials below it. Then, when I attempt to click to authenticate, it tries to route me to a non-existing page called “connect”, warning me that it is not found.

All of this might just be coming from the fact that when creating my application link, it tells me that no response has been received. When I click continue, it allows me to create the application link anyway.

I am using an Ubuntu, Apache, MySQL installation on a local intranet virtual machine. I have verified that I have ports 443 and 80 open. I have also been able to successfully configure Google Oauth through the above web address. The address, “http://nexustest.ddns.net” is a DNS rerouting to an IP address. Inputting the IP address directly does not work as well. I feel like there is an issue with my configuration. Does anyone have any idea what I should do?

Thank you.

Thanks for the screen shot, it helped a lot. This part {{app.url_generator.generate('connect')}} generates the “url” for you. In this case, since you did not explicitly write index.php in the address bar, “/connect” is generated and referenced after /web when it should be after /index.php, hence, you’re getting the not found error. Try nexustest.ddns.net/web/index.php instead of using ‘#’. Clicking authenticate should lead you to nexustest.ddns.net/web/index.php/connect; if successful you’ll see a screen like mine, if not you’ll see a page showing the errors but the Not Found screen should not be displayed.

Thanks for that iragudo, that helped me move on to the next step. After debugging through a couple more errors, it has led me to anther bug. When I click connect, it seems to lead me to the correct location, but now I see this error on the screen:

(1/1) ClientErrorResponseException
Client error response
[status code] 400
[reason phrase] Bad Request
[url] https://phasefour.atlassian.net/plugins/servlet/oauth/request-token?oauth_callback=%2Fweb%2Findex.php%2Fcallback
in BadResponseException.php (line 43)
at BadResponseException::factory(object(EntityEnclosingRequest), object(Response))
in Request.php (line 145)
at Request::onRequestError(object(Event), ‘request.error’, object(EventDispatcher))
at call_user_func(array(‘Guzzle\Http\Message\Request’, ‘onRequestError’), object(Event), ‘request.error’, object(EventDispatcher))
in EventDispatcher.php (line 184)
at EventDispatcher->doDispatch(array(array(‘Guzzle\Http\Message\Request’, ‘onRequestError’)), ‘request.error’, object(Event))
in EventDispatcher.php (line 46)
at EventDispatcher->dispatch(‘request.error’, object(Event))
in Request.php (line 589)
at Request->processResponse(array(‘handle’ => object(CurlHandle)))
in Request.php (line 378)
at Request->setState(‘complete’, array(‘handle’ => object(CurlHandle)))
in EntityEnclosingRequest.php (line 49)
at EntityEnclosingRequest->setState(‘complete’, array(‘handle’ => object(CurlHandle)))
in CurlMulti.php (line 303)
at CurlMulti->processResponse(object(EntityEnclosingRequest), object(CurlHandle), array(‘msg’ => 1, ‘result’ => 0, ‘handle’ => ‘Resource id #3’))
in CurlMulti.php (line 257)
at CurlMulti->processMessages()
in CurlMulti.php (line 240)
at CurlMulti->executeHandles()
in CurlMulti.php (line 224)
at CurlMulti->perform()
in CurlMulti.php (line 111)
at CurlMulti->send()
in CurlMultiProxy.php (line 94)
at CurlMultiProxy->send()
in Client.php (line 284)
at Client->send(object(EntityEnclosingRequest))
in Request.php (line 198)
at Request->send()
in OAuthWrapper.php (line 44)
at OAuthWrapper->requestCredentials(‘plugins/servlet/oauth/request-token?oauth_callback=/web/index.php/callback’)
in OAuthWrapper.php (line 30)
at OAuthWrapper->requestTempCredentials()
in index.php (line 54)
at {closure}()
at call_user_func_array(object(Closure), array())
in HttpKernel.php (line 153)
at HttpKernel->handleRaw(object(Request), 1)
in HttpKernel.php (line 68)
at HttpKernel->handle(object(Request), 1, true)
in Application.php (line 496)
at Application->handle(object(Request))
in Application.php (line 477)
at Application->run()
in index.php (line 93)

I still think that this has something to do with my AppLinks not being configured correctly. When I initially try to configure it, I just get this message.

Then, after I click continue, it makes me create the AppLink anyway, without ever verifying that it works. The above URL is just a link I created from a DNS provider, and it points to a virtual machine IP address on my computer. Is there anything I can change that might be preventing my website from sending a response to Jira?

Were you able to edit the incoming authentication in your applink and placed the Consumer Key and Public Key? The public key being the contents of pubkey.pem that was generated by calling openssl x509 -pubkey -noout -in myrsacert.pem > pubkey.pem.

Yes, I have generated my private and public key and inputted them into JIRA, but I am still getting the same above error. Do these certificates need to be located in a specific folder in the application? My “index.php” is pointing correctly to the pem key, it is just detecting that the server is sending back a response that is throwing a “Bad Response Exception”.

I am able to edit the incoming authentication, but this is after Jira informed me that they were not able to get a response from my website to begin with. It says it creates an applink anyways, but I don’t know if it “really” did.

Dear iragudo,

Once again, thank you for helping me. I made some version changes with some of the composer programs, and I managed to make some progress (?). Now, I am simply getting a different kind of Client Response Error, but it seems to be more detailed:

(1/1) ClientErrorResponseException
Client error response
[status code] 400
[reason phrase] Bad Request
[url] https://phasefour.atlassian.net/plugins/servlet/oauth/request-token?oauth_callback=%2Fweb%2Findex.php%2Fcallback
[request] POST /plugins/servlet/oauth/request-token?oauth_callback=%2Fweb%2Findex.php%2Fcallback HTTP/1.1
Host: phasefour.atlassian.net
User-Agent: Guzzle/3.0.7 curl/7.38.0 PHP/5.6.30-0+deb8u1
Content-Length: 0
Authorization: OAuth oauth_consumer_key=“hardcoded-consumer”, oauth_nonce=“e9620ca9e4a0c08eca9efd85dfd737e0bf28e40f”, oauth_signature=“NVmovxBN3aC63fA4YZEnlXNQvUEEzIKop5yW7pxKbZC8mcHjTyDivky5oFRjupAL5o1wkFzYmHoIU7BetzuhAqHs1arbGH3udAbKMJQBhyc4Y59tI0j0lvzRiInQzGwTt%2FrMUkVBr06JEF%2Bx%2BKR6SJr2I0p3bLTWJiJPIfdPMBA%3D”, oauth_signature_method=“RSA-SHA1”, oauth_timestamp=“1504655956”, oauth_version=“1.0”

[response] HTTP/1.1 400 Bad Request
Server: Atlassian Proxy/0.1.113
WWW-Authenticate: OAuth realm=“https%3A%2F%2Fphasefour.atlassian.net”, oauth_problem=“parameter_rejected”, oauth_parameters_rejected=“oauth_callback”, oauth_problem_advice=“As%20per%20OAuth%20spec%20version%201.0%20Revision%20A%20Section%206.1%20%3Chttp%3A%2F%2Foauth.net%2Fcore%2F1.0a%23auth_step1%3E%2C%20the%20oauth_callback%20parameter%20is%20required%20and%20must%20be%20either%20a%20valid%2C%20absolute%20URI%20using%20the%20http%20or%20https%20scheme%2C%20or%20%27oob%27%20if%20the%20callback%20has%20been%20established%20out%20of%20band.%20The%20following%20invalid%20URI%20was%20supplied%20%27%2Fweb%2Findex.php%2Fcallback%27”
ATL-vTM-Backend-Time: 99
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Strict-Transport-Security: max-age=315360000; includeSubDomains; preload
Date: Tue, 05 Sep 2017 23:59:17 GMT
ATL-vTM-Time: 132
Connection: close
Content-Length: 556
ATL-vTM-Queue-Time: 0

oauth_problem=parameter_rejected&oauth_parameters_rejected=oauth_callback&oauth_problem_advice=As%20per%20OAuth%20spec%20version%201.0%20Revision%20A%20Section%206.1%20%3Chttp%3A%2F%2Foauth.net%2Fcore%2F1.0a%23auth_step1%3E%2C%20the%20oauth_callback%20parameter%20is%20required%20and%20must%20be%20either%20a%20valid%2C%20absolute%20URI%20using%20the%20http%20or%20https%20scheme%2C%20or%20%27oob%27%20if%20the%20callback%20has%20been%20established%20out%20of%20band.%20The%20following%20invalid%20URI%20was%20supplied%20%27%2Fweb%2Findex.php%2Fcallback%27
in BadResponseException.php (line 48)
at BadResponseException::factory(object(EntityEnclosingRequest), object(Response))
in Request.php (line 190)
at Request::onRequestError(object(Event), ‘request.error’, object(EventDispatcher))
at call_user_func(array(‘Guzzle\Http\Message\Request’, ‘onRequestError’), object(Event), ‘request.error’, object(EventDispatcher))
in EventDispatcher.php (line 174)
at EventDispatcher->doDispatch(array(array(‘Guzzle\Http\Message\Request’, ‘onRequestError’)), ‘request.error’, object(Event))
in EventDispatcher.php (line 43)
at EventDispatcher->dispatch(‘request.error’, object(Event))
in Request.php (line 757)
at Request->processResponse()
in Request.php (line 466)
at Request->setState(‘complete’)
in EntityEnclosingRequest.php (line 66)
at EntityEnclosingRequest->setState(‘complete’)
in CurlMulti.php (line 499)
at CurlMulti->processResponse(object(EntityEnclosingRequest), object(CurlHandle), array(‘msg’ => 1, ‘result’ => 0, ‘handle’ => ‘Resource id #42’))
in CurlMulti.php (line 426)
at CurlMulti->processMessages()
in CurlMulti.php (line 387)
at CurlMulti->perform()
in CurlMulti.php (line 278)
at CurlMulti->send()
in Client.php (line 363)
at Client->send(object(EntityEnclosingRequest))
in Request.php (line 263)
at Request->send()
in OAuthWrapper.php (line 44)
at OAuthWrapper->requestCredentials(‘plugins/servlet/oauth/request-token?oauth_callback=/web/index.php/callback’)
in OAuthWrapper.php (line 30)
at OAuthWrapper->requestTempCredentials()
in index.php (line 54)
at {closure}()
at call_user_func_array(object(Closure), array())
in HttpKernel.php (line 144)
at HttpKernel->handleRaw(object(Request), 1)
in HttpKernel.php (line 64)
at HttpKernel->handle(object(Request), 1, true)
in Application.php (line 586)
at Application->handle(object(Request))
in Application.php (line 563)
at Application->run()
in index.php (line 93)

You’re welcome, Kevin.

The new problem you’re encountering is caused by the invalid oauth_callback parameter being passed. Do you have an idea what change/s was/were made on your end to make oauth_callback to ‘/web/index.php/callback’? Oauth_callback should be an absolute URI; checking mine the generated callback URL is ‘http://localhost/~iragudo/web/index.php/callback’. In terms of the source code changes, I only changed three lines in index.php.

Regarding the applink creation, I used a dummy site for this sample (http://example.com) and I was still able to make the OAuth sample program work.

Regards,
Ian

1 Like

Thank you! I solved the problem by simply hard-coding the website into the "setCallbackUr() function. It might not be the best solution, but it says that I am connected.

Hey @iragudo,
I’ve been trying to setup the PHP example code on a remote server and am having issues with a 500 error when accessing the ‘web’ page, ‘web/index.php’ or ‘web/index.php/callback’.
It doesn’t seem to be the .htaccess file but actually the code in the index.php file.
I’m guess it’s a dependency issue as stated in this issue: 500 Error while retrieving temporary credentials for OAuth flow
Do you have any thoughts on why that might be the case?

Hi @Andrew2,

To bring more context as to how you arrived with Error 500, can you walk us through the steps you did to set things up?

When I did this before, I followed this readme then some additional steps mentioned in this reply.

Cheers,
Ian

Hi Iragudo,

Thanks a lot for this useful information. I got the same screen with OAuth Credentials. What is the next steps to complete this stuff?

Thanks in advance

Welcome to the Atlassian Developer Community, @andranik_balasanyan !

This has been quite dated since the original post was way back 2017 :slight_smile:

If I remember it correctly, once you get to the screen with OAuth credentials with the Jira priorities table below, then you already made a successful REST API call with OAuth all set up. Check index.php as it calls Get priorities API for Jira 7.x.x (and earlier versions).

Cheers,
Ian

1 Like