Login into Jira with JIRA REST API (Cookie Based) PHP

For our interim assessment, a classmate and I have to build a Jira extension to a website which allows customers to view everything related to their issues and allows them to create new/view them inside of their project.

We wanted to use cookie-based authentication (as opposed to re-verifying the user upon every request); however, the auth request always returns Login failed, and we can't seem to find the cause.

We both have almost no experience in Jira or with the API itself, so we hoped someone could help us out.

We are sending the request via AJAX to a different PHP file to handle the request, like below.

index.php

<body> 
<form id="login-form" action="jiracookie.php" method="post">
   <input type="text" id="username-input" name="username" placeholder="username" /><br />
   <input type="password" id="password" name="password" placeholder="password" /><br />
</form> 
<button id="login-button" >login oauth</button>
<button id="profile-button">retrieve profile</button>
<script type="text/javascript">
   $("#login-button").click(function(){
      $.ajax({
         type: "POST",
         url: "jiracookie.php",
         data: $("#login-form").serialize(),
         success: function(data) {
            var win = window.open();
            win.document.write(data);
         }
      });
 });
 $("#profile-button").click(function(){
      $.ajax({
          type: "POST",
          url: "jiraprofile.php",
          data: $("#username-input").serialize(),
          success: function(data) {
             var win = window.open();
             win.document.write(data);
          }
      });
 });
 </script>
</body>

jiracookie.php

<?php 
 $ch = curl_init('https://xxxxx.atlassian.net/rest/auth/1/session');
 $jsonData = array( 'username' => $_POST['username'], 'password' => $_POST['password'] );
 $jsonDataEncoded = json_encode($jsonData);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonDataEncoded);

 curl_setopt($ch, CURLOPT_POST, true);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
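 // Keep certificate and hostname verification enabled so the credentials
 // are only sent to the genuine Jira host
 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);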
 curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
 
 $result = curl_exec($ch);
 curl_close($ch);

 $sess_arr = json_decode($result, true);

 if(isset($sess_arr['errorMessages'][0])) {
    $message = $sess_arr['errorMessages'][0];
 } else {
    // setcookie() sends a header, so it has to run before any output is echoed
    setcookie($sess_arr['session']['name'], $sess_arr['session']['value'], time() + (86400 * 30), "/");
    $message = "Login Success!";
 }

 // Debug output
 echo '<pre>';
 var_dump($ch);
 var_dump($sess_arr);
 echo '</pre>';

 echo $message;
?>

Cookie-based auth is not recommended. It's still around because we have some older apps in the marketplace that still require it. From the docs:

We recommend that you do not use cookie-based authentication in most cases. If you need to implement something quickly and security is not a concern, then you can use basic authentication. In all other cases, OAuth is better than cookie-based authentication.

My suggestion is to use basic authentication: Basic auth for REST APIs
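
The basic-auth approach suggested in this answer, as an added example (not code from this thread or from Atlassian), with TLS verification left on and the credentials kept on the server instead of in a browser cookie. The function name `jira_get`, the environment variable names `JIRA_USER` and `JIRA_SECRET`, and the choice of the `/rest/api/2/myself` resource are assumptions; the host is the question's placeholder.

```php
<?php
declare(strict_types=1);

// GET a Jira REST resource with HTTP basic authentication; returns the decoded JSON.
function jira_get(string $baseUrl, string $path, string $user, string $secret): array
{
    $ch = curl_init(rtrim($baseUrl, '/') . $path);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPAUTH       => CURLAUTH_BASIC,
        CURLOPT_USERPWD        => $user . ':' . $secret,
        CURLOPT_HTTPHEADER     => ['Accept: application/json'],
        // Certificate and hostname verification stay on (the curl defaults),
        // so the Authorization header is only sent to the genuine host.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // refuse plain http
        CURLOPT_FOLLOWLOCATION => false,           // do not follow redirects with credentials
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 15,
    ]);

    $body   = curl_exec($ch);
    $error  = curl_error($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    if ($body === false) {
        throw new RuntimeException('Transport error: ' . $error);
    }
    if ($status === 401) {
        throw new RuntimeException('Jira rejected the credentials (HTTP 401)');
    }
    if ($status < 200 || $status >= 300) {
        throw new RuntimeException('Unexpected HTTP status ' . $status);
    }
    return json_decode($body, true, 512, JSON_THROW_ON_ERROR);
}

// Usage: runs only when both (hypothetical) environment variables are set.
$user   = getenv('JIRA_USER');
$secret = getenv('JIRA_SECRET');
if ($user !== false && $secret !== false) {
    $profile = jira_get('https://xxxxx.atlassian.net', '/rest/api/2/myself', $user, $secret);
    // Escape anything taken from the API response before writing it into HTML.
    echo htmlspecialchars((string) ($profile['displayName'] ?? 'unknown'), ENT_QUOTES, 'UTF-8'), "\n";
}
```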