Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for custom headers #95

Closed
netwolfuk opened this issue Jan 21, 2018 · 15 comments
Closed

Add support for custom headers #95

netwolfuk opened this issue Jan 21, 2018 · 15 comments
Labels
enhancement
Milestone
v1.1

Comments

@netwolfuk
Copy link
Member

eg:
curl -H 'Authorization: Bearer xxxxxxxxxxxxxxxx'
@netwolfuk netwolfuk added this to the v1.1 milestone Jan 21, 2018
@stinos
Copy link

stinos commented Apr 8, 2018

This would be nice indeed; currently looking into using this to get build status into Stride since Hipchat is on it's way out, but that needs the authorization header.

@netwolfuk
Copy link
Member Author

Yeah. That's the exact same reason I was looking into it. :-)

@jacobjohnston
Copy link

I was about to make the same request - also for Stride. I've created a new issue to request some Stride templates on top of this. Thanks for the hard work!

@netwolfuk netwolfuk mentioned this issue Apr 11, 2018
Closed
@netwolfuk
Copy link
Member Author

netwolfuk commented Apr 13, 2018
edited
Loading

Arrg. Atlassian! Why don't you send the WWW-Authenticate header with your 401??!! Many hours wasted.

@netwolfuk
Copy link
Member Author

netwolfuk commented Apr 13, 2018
edited
Loading

BTW, I have a first version of "Bearer" running as an WebHookAuthenticator, and have also implemented customised headers.
The former "just works" under the Extra Config tab, so there are no UI changes.
image

Custom Header support has no UI yet, but hacking the plugin-settings.xml file does work in the following way.

      <headers>
        <header name="Authorization" value="Bearer blahblahblah" />
      </headers>

I'll tidy up the code, and make a test version available over the weekend, and you'll be able to test either method.

The comment above was my frustration at implementing Bearer authentication the correct way with an AuthSchemeProvider for the Apache HttpClient. However, the HttpClient expects a 401 and a WWW-Authenticate header, so that the AuthSchemeProvider code can handle the challenge.

The following from https://tools.ietf.org/html/rfc7235#section-4.1 states:

A server generating a 401 (Unauthorized) response MUST send a WWW-Authenticate header field containing at least one challenge.

However, Atlassian choose not to do that with Stride. I now remember I had a similar problem with Jira a few years ago.

@dgilman
Copy link

dgilman commented Apr 13, 2018

Thanks for the work netwolf. I am also adding my +1 here as this will allow for Cisco Spark integration.

@netwolfuk
Copy link
Member Author

Hi @dgilman Does Spark use bearer Auth or do you plan to use the headers in another way?

@dgilman
Copy link

dgilman commented Apr 14, 2018

Yes, it uses bearer auth like you have above, there's a bare bones example at the top of this documentation: https://developer.ciscospark.com/getting-started.html

@netwolfuk
Copy link
Member Author

Ah. Cool. I did a quick Google on my phone and found lots about oauth2, so was just curious. I really should research oauth2 in case that would also be useful.

netwolfuk added a commit that referenced this issue Apr 14, 2018
@netwolfuk
Add support for custom headers and Bearer auth
15cca82 
As per issue #95.

This commit adds preemptive and non-preemptive "Bearer token"
authentication (configurable via the UI).

It also has initial support for custom headers, although there is no UI
to configure it yet.

Adding custom headers can be done by adding a `<headers>` section to the
`<webhook>` element in a project's `plugin-settings.xml` file.

eg,

```
      <headers>
        <header name="Authorization" value="Bearer blahblahblah" />
      </headers>
```
@netwolfuk
Copy link
Member Author

Here is a build for testing.
https://teamcity.jetbrains.com/viewLog.html?buildId=1388711&tab=artifacts&buildTypeId=WebHooksAndOtherPlugins_TcWebHooks

@netwolfuk
Copy link
Member Author

Clean-up done. Release coming soon.

@netwolfuk
Copy link
Member Author

Docs added

@netwolfuk
Copy link
Member Author

New version for testing.
https://teamcity.jetbrains.com/viewLog.html?buildId=1391180&tab=artifacts&buildTypeId=WebHooksAndOtherPlugins_TcWebHooks
I plan to release this version tomorrow, assuming I don't find any issues.

@jacobjohnston
Copy link

For what it is worth, I'm now using this version with success! No issues noticed thus far.

@netwolfuk
Copy link
Member Author

Great. Thanks for the feedback. It's now released

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
v1.1
Development

No branches or pull requests
4 participants
@netwolfuk @dgilman @jacobjohnston @stinos