When attempting to authenticate with the REST API I receive an invalid signature error. I’m passing the below as my base string:
And then signing it using a shared cert that I have set up in the application links section. Since I am getting a decrypted string back from JIRA I’m confident that I have configured my application link correctly. Below is what JIRA Returns:
&oauth_signature=<redacted because apparently atlassian doesn’t want me to put this in the question>
This is my first time working with OAuth. I was able to get the REST API Working with basic authentication, I just want something more secure.
I found this https://confluence.atlassian.com/applinks/troubleshoot-application-links/oauth-troubleshooting-guide#OAuthtroubleshootingguide-OAuthinvalidsig a while back and at first I discounted it as it didn’t seem like it could be the cause.
I used requestb.in/vyqrg1vy?inspect (note this page will only be active for like 48 hours) and was able to determine that no referer was being passed. I set this manually in the header:
And the error still persisted. From what I can tell, the referer header is the primary way http determines the URI of the application making the request. Is this not correct? What other method would the server be expecting the URI to be provided?
I removed the HTTP from some of the url’s as the community automatically converted them to links and I can’t have that many links.