function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
sriharisfdc reddysriharisfdc reddy 

cookie base authentication

Anybody knows cookies base authentication. I want to show the Pentaho dashboard to the salesforce account page. Can you please help. How to authenticate in the cookie to put user name and password in the cookie and how to get the username and password through apex cookie class. Please help me.
Deepali KulshresthaDeepali Kulshrestha
Hi Sriharisfdc,

Jira's REST API is protected by the same restrictions which are provided via Jira's standard web interface. This means that if you do not log in, you are accessing Jira anonymously. Furthermore, if you log in and do not have permission to view something in Jira, you will not be able to view it using the Jira REST API either.

In most cases, the first step in using the Jira REST API is to authenticate a user account with your Jira site. Any authentication that works against Jira will work against the REST API. In this tutorial, we will use cookie-based (session) authentication.

This is how cookie-based authentication works in Jira at a high level:

1.The client creates a new session for the user, via the Jira REST API .
2.Jira returns a session object, which has information about the session including the session cookie. The client stores this session object.
3. The client can now set the cookie in the header for all subsequent requests to the Jira REST API.
Before you begin, please be aware that although cookie-based authentication has many benefits, such as performance (not having to make multiple authentication calls), it also has security risks. For example, your session cookies can be hijacked if handled improperly. 
This document does not go into the security implications of cookies, but if you should make yourself aware of the risks, before considering this approach.

Step 1. Create a new session using the Jira REST API
We need to get a session cookie from Jira, so the first thing we need to do is create a new session using the session resource in the Jira REST API. Tip: You can also use the session resource to get information about the currently authenticated user in the current session (GET), or log the current user out of Jira (DELETE).

To do this, just POST the desired user credentials (as JSON) to the session resource.

Step 2. Use the session cookie in a request
Now that you've created a session, it's just a matter of setting the cookie in all subsequent requests to the server.

Store the session object on the client. The way that you do this will depend on how your client is implemented.
When you want to make a request, take cookie name and value from the session and use them to set the 'cookie' field in the header of your request.

I hope you find the above solution helpful. If it does, please mark as Best Answer to help others too.

Thanks and Regards,
Deepali Kulshrestha