We found our REST API calls to download the attachment on Jira is blocked by installed 2FA plugin.
E.g After downloading the attachment 1.txt, the content of 1.txt mentions “Enter valid passcode from Mobile Authenticator to get an access of Jira.”
If renaming the 1.txt to 1.html, we can find out the root cause as follows:
Should a 2FA intercept REST API call? Will that have security concerns?