jira-cli: Fails to account for SSO logins
Describe the bug
when using jira init
it requests an email and immediately errors with 401 Unauthorized
. This is, presumably, because at our company we use Single Sign On to authenticate, not our emails.
Short term suggestions:
- document that SSO isn’t supported in the Readme (so that folks don’t bother installing it if they can’t use it)
- ask what form of authentication the person uses before requesting the email and indicate that SSO isn’t supported if they choose it, or if it’s possible to determine that SSO is what’s configured when you query the server, just indicate that that’s the problem in the error message.
Please provide following details
- JiraCLI Version:
(Version="1.1.0", GitCommit="3b93e147eac468ad985bdece27469153b4bb2814", CommitDate="2022-08-14T08:10:40+00:00", GoVersion="go1.18.3", Compiler="gc", Platform="darwin/amd64")
- Are you using Jira cloud or on-premise jira server? Also mention the version for on-premise installation.
Jira cloud
- What operating system are you using? Also mention version.
macOS Monterey 12.6
- What terminal are you using? Also mention version.
iterm2 build 3.5.0beta7
To Reproduce
Steps to reproduce the behavior:
- have a jira cloud account that uses SSO
- run
jira init
and give it a valid email address - See error
Expected behavior I’d expect it to either work, or to provide me with an indication than SSO isn’t supported.
About this issue
- Original URL
- State: open
- Created 2 years ago
- Reactions: 10
- Comments: 16 (2 by maintainers)
FWIW, I have a work JIRA instance with SSO (via Google Auth). These steps worked for me.
export JIRA_API_TOKEN=<GENERATED_TOKEN>
in your.bashrc
file.JIRA_AUTH_TYPE
setting, it did not work for me when this was set tobearer
Hi @masukomi, I am also using jira-cli with SSO in my company but its a self-hosted Jira Server. I think it should work if are able to generate Personal Access Token (PAT).
Basically what I am doing is:
JIRA_AUTH_TYPE
tobearer
JIRA_API_TOKEN
to the generated personal access tokenjira init
and use your email or username.I am using Jira Cloud with Atlassian’s SSO and I just need to set this:
Setting username and password in
.netrc
(without manually setting the token) leads to a ‘401 Unauthorized’ becausejira init --debug
tries to authenticate using Basic Auth, which I guess is not supported once you move to Atlassian’s SSO. When explicitly passing forcing Bearer Token auth withJIRA_AUTH_TYPE=bearer jira init --debug
I see that the value of the bearer token is not sent along.It’d be nice if we could set the
JIRA_AUTH_TOKEN
in the.config/.jira/.config.yml
so I don’t have to have such a sensitive token in my env vars at all time. For now I have just created the following alias in my.bashrc
/zsh config:the
api_token.env
file contains:I ran into this today as well. @spprashant documented the workaround that unblocks me (don’t set
JIRA_AUTH_TYPE
)I also can’t get this to work with SSO (Azure) with any combination I’ve tried:
.netrc
fileOn macOS, installed via Homebrew. I see the following error:
@Akorian You need to export them too,
export JIRA_AUTH_TYPE=bearer
, to make them available to other programs.