Jira REST API using Azure AD Authentication not working: 401 Unauthorized

Hi,

Our application currently uses Azure Active Directory for authentication. It’s going to be a web application later on where you should be able to sign in using a “Continue with Microsoft” button. Now as Atlassian offers that option on their website as well, I was wondering if I could use Azure AD to authenticate with the Jira REST API. I haven’t found much on the internet or in their documentation covering this topic - maybe I overlooked something. What I’m basically trying to avoid is that the user has to log in or gets prompted multiple times before the application can be accessed.

In Azure, the administrator connected the Atlassian Cloud Service, so that the registered app has the appropriate API permission.

When acquiring a token from Azure, the application requests the resource or scope “https://id.atlassian.com/login/user_impersonation” which works fine.

However, if I’m now trying to call the Jira REST API with the generated token the response is:

{    
   "message": "Client must be authenticated to access this resource.",
   "status-code": 401
}

Obviously, something is wrong with the token. I already tried different scopes but I couldn’t come up with a solution. Is this even possible or does Atlassian simply not support authentication over 3rd party identity providers?

Thanks for any help in advance!

@YannHerren welcome to the Atlassian developer community.

No. It is not possible to authenticate to the Jira Cloud REST APIs using 3rd-party identity providers. Developers are limited to Basic, OAuth, and JWT, as described in our auth guide.

Maybe you could explain why OAuth wouldn’t work for your case. It seems like the right model, where users are behind Azure AD via SAML and they only have to grant access to your web application once. How did you want Jira customers to authorize access to your web application?

1 Like

Okay, thanks a lot for the clarification!
You’re absolutely right, if it asked the user only once it would be fine. At the moment the application asks me every single time to allow permission to Jira. Might this be because the developer mode is currently on? The login however is indeed skipped which is good.

@YannHerren,

In case you missed it (a lot of developers do), there is a refresh token that your client can use to skip asking the user for authorization every time, but still get a fresh access token. Let us know if there’s a different reason for asking every single time.

1 Like
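
The refresh-token exchange mentioned in the reply above, as an added example that is not part of the original thread or Atlassian's own code. `TokenStore` and `http_post_json` are hypothetical names; the token endpoint and the rotating refresh-token behaviour are taken from Atlassian's OAuth 2.0 (3LO) documentation, and the sketch assumes the `offline_access` scope was requested during the initial authorization so that a refresh token was issued.

```python
import json
import time
import urllib.request

# Token endpoint from Atlassian's OAuth 2.0 (3LO) documentation, not from this thread.
TOKEN_URL = "https://auth.atlassian.com/oauth/token"


def http_post_json(url, payload):
    """Default transport: POST a JSON body and return the decoded JSON reply."""
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenStore:
    """Holds one user's tokens and refreshes them without re-prompting for consent."""

    def __init__(self, client_id, client_secret, refresh_token,
                 post=http_post_json, clock=time.time, skew=60):
        self.client_id, self.client_secret = client_id, client_secret
        self.refresh_token = refresh_token
        self.access_token, self.expires_at = None, 0.0
        self._post, self._clock, self._skew = post, clock, skew

    def get_access_token(self):
        # Reuse the cached token until it is within `skew` seconds of expiry.
        if self.access_token and self._clock() < self.expires_at - self._skew:
            return self.access_token
        reply = self._post(TOKEN_URL, {
            "grant_type": "refresh_token",
            "client_id": self.client_id,
            "client_secret": self.client_secret,
            "refresh_token": self.refresh_token,
        })
        if "access_token" not in reply:
            # No token in the reply: the user has to go through authorization again.
            raise PermissionError(reply.get("error", "refresh failed"))
        self.access_token = reply["access_token"]
        self.expires_at = self._clock() + int(reply.get("expires_in", 0))
        # Refresh tokens rotate: keep the new one, the old one is no longer valid.
        self.refresh_token = reply.get("refresh_token", self.refresh_token)
        return self.access_token
```

Keep the client secret and the current refresh token on the server side only, and persist the rotated refresh token after every exchange so the next refresh does not fail.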

Will look into that! :slight_smile:
Thank you for your help.