jira: support Jira Cloud (API token via Basic auth) alongside Server PAT#2236
Merged
Conversation
Auth is now host-detected in createJiraClient: *.atlassian.net instances send the API token as HTTP Basic (base64 email:token), all other hosts keep the Server/DC Bearer PAT. Reuses the shared no-throw host extractor (hostFromOriginUrl) for cloud detection. Adds unit tests for both paths.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
PortOS's JIRA client authenticated every instance with
Authorization: Bearer <apiToken>— correct for a Jira Server / Data Center Personal Access Token, but Jira Cloud rejects it: a Cloud personal API token must be sent as HTTP Basic (base64("email:token")).createJiraClientnow picks the scheme per instance by host:*.atlassian.net(Jira Cloud) → Basic using the instance'semail+ API token (both already stored and required by the instance form)So Cloud and Server instances work side by side with no new fields and no migration. To point an instance at Cloud, set its base URL to your
*.atlassian.netsite and paste an API token created at id.atlassian.com → Security → API tokens.How
server/services/jira.js:isCloudInstance(baseUrl)(delegates host parsing to the shared no-throwhostFromOriginUrlfromserver/lib/workTracker.js) andjiraAuthHeader(instance).createJiraClientusesjiraAuthHeader(instance)for theAuthorizationheader.Tests
server/services/jira.test.js— added coverage for both auth paths plus edge cases (undefined/malformed URL,:port, lookalikeatlassian.net.evil.com). 14/14 pass.Known limitation (by design)
Detection keys strictly on
*.atlassian.net. A Jira Cloud site fronted by Atlassian's custom-domain feature (e.g.jira.mycompany.com→ Cloud) is classified as Server and gets Bearer. Out of scope here; a per-instanceauthSchemeoverride could be added later if needed.Related
checkTokenexpiry detection Cloud-aware — Cloud returns JSON 401, not an HTML login page).