Hello,
I’m using oauth to authenticate my user and the full dance is done without any problem. The issue is when I try to perform any request using my user access token: I get a signature_invalid error response.
The Jira I’m using is accessed through a nginx https reverse proxy.
I already followed the troubleshooting guides about:
- The
signature_invalidproblem: OAuth error oauth_problem=signature_invalid | Atlassian Support | Atlassian Documentation - Reverse proxy problems: Reverse Proxy and Application Link Troubleshooting Guide | Atlassian Support | Atlassian Documentation
Configuration:
My nginx configuration:
server {
listen 443 default_server ssl;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host {jira public fqdn};
}
ssl on;
ssl_certificate {path to cert.pub};
ssl_certificate_key {path to cert.key};
}
The Connector part of the server.xml Jira configuration file:
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="false" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false"
scheme='https' proxyName='{jira public fqdn}' proxyPort='443'
secure='true'/>
The Base URL of the Jira configuration (in Administration/System) is set to https://{jira public fqdn}
(Obviously the {jira public fqdn} part of the above configurations is the actual fqdn that I obfuscated here)
Error detail:
The exact error that Jira returns is (with some obfuscated values):
{
"statusCode": 401,
"body": "oauth_problem=signature_invalid&oauth_signature={signature}&oauth_signature_base_string=GET%26https%253A%252F%252F{jira public fqdn}%252Frest%252Fapi%252F2%252Fmyself%26oauth_consumer_key%253D{consumer key}%2526oauth_nonce%253D{nonce}%2526oauth_signature_method%253DRSA-SHA1%2526oauth_timestamp%253D1560764851%2526oauth_token%253D{token}%2526oauth_version%253D1.0&oauth_signature_method=RSA-SHA1",
"headers": {
"server": "nginx/1.10.3",
"date": "Mon, 17 Jun 2019 09:47:31 GMT",
"content-type": "application/x-www-form-urlencoded;charset=UTF-8",
"content-length": "680",
"connection": "close",
"www-authenticate": "OAuth realm=\"https%3A%2F%2F{jira public fqdn}\", OAuth realm=\"https%3A%2F%2F{jira public fqdn}\", oauth_problem=\"signature_invalid\", oauth_signature=\"{signature}\", oauth_signature_base_string=\"GET%26https%253A%252F%252F{jira public fqdn}%252Frest%252Fapi%252F2%252Fmyself%26oauth_consumer_key%253D{consumer key}%2526oauth_nonce%253D{nonce}%2526oauth_signature_method%253DRSA-SHA1%2526oauth_timestamp%253D1560764851%2526oauth_token%253D{token}%2526oauth_version%253D1.0\", oauth_signature_method=\"RSA-SHA1\""
},
"request": {
"uri": {
"protocol": "https:",
"slashes": true,
"auth": null,
"host": "{jira public fqdn}:443",
"port": "443",
"hostname": "{jira public fqdn}",
"hash": null,
"search": null,
"query": null,
"pathname": "/rest/api/2/myself",
"path": "/rest/api/2/myself",
"href": "https://{jira public fqdn}:443/rest/api/2/myself"
},
"method": "GET",
"headers": {
"accept": "application/json",
"Authorization": "OAuth oauth_consumer_key=\"{consumer key}\",oauth_nonce=\"{nonce}\",oauth_signature_method=\"RSA-SHA1\",oauth_timestamp=\"1560764851\",oauth_token=\"{token}\",oauth_version=\"1.0\",oauth_signature=\"{signature}\""
}
}
}