Jira Token Generation appears Broken

JohnChesshir · July 1, 2022, 8:01pm

Several months ago (10/29/2021, to be exact) I used my Personal Jira account to generate an API Token. That generated token still works to this day.

Today, though, we started trying to generate a token from a special company account in case I ever have to leave my company, and that token does not work. I noticed that while the token I originally generated is 72 characters long, the newer one is only 24 characters long.

Furthermore, I tried going back to my own account’s API Tokens screen. There I can see the old token I generated, and when I use it to access the API from my program, I can see that it acknowledges I’ve used it within a short amount of time. But then when I generate another new token, that new token (which is also only 24 characters long) from the same working account does not work anymore than the token from the new account.

So it appears that this is not an account problem, but a Jira Token generation problem.

Any ideas on what might be going on?

P.S. I found that this might be a better platform to inquire of after creating the original ticket in the Jira-questions Community board: Solved: Jira Token Generation appears Broken

sunnyape · July 2, 2022, 1:58am

Hello @JohnChesshir

As far as I know, the tokens generated for users in Jira Cloud have always been 24 chars long.

I just generated a new token for myself and it works perfectly

I think you’re making a mistake somewhere else.

JohnChesshir · July 8, 2022, 5:45pm

@sunnyape There may be something about my code that doesn’t work with the 24 char key, but I have a token I generated back on October 29, 2021 that is 72 chars long and still works with the code I set up back then to use it. Here’s the code that uses the API key to set up an HttpClient connection:

		private HttpClient GetClient()
		{
			if (_client == null)
			{
				_client = new HttpClient();
				string apiToken = <my_api_key>;
				_client.DefaultRequestHeaders.Authorization = AuthenticationHeaderValue.Parse($"Basic {apiToken}");
				_client.BaseAddress = new Uri("https://<mycompany>.atlassian.net");
			}

			return _client;
		}

And the specific line that is failing when I change the JiraApiKey to be a new 24 character string:

			HttpClient client = GetClient();

			HttpResponseMessage response = await client.GetAsync($"rest/api/2/issue/{issueId}");
			response.EnsureSuccessStatusCode();

The status code that actually comes back is 404, Unauthorized.

JohnChesshir · July 8, 2022, 6:15pm

I just figured it out. I had to go back to the documentation for using Jira Cloud API Keys to remember a step between generating the API key and setting it up for my application to use. The process requires combining the key with the username of the account that generated it and base64 encoding that combined string. The result, in my case, yielded a 72 char string that I was incorrectly assuming came directly from the application.