Based on this https://developer.atlassian.com/server/jira/platform/oauth/
generate private key
openssl genrsa -out jira_privatekey.pem 1024
generate public key
openssl req -newkey rsa:1024 -x509 -key jira_privatekey.pem -out jira_publickey.cer -days 365
openssl pkcs8 -topk8 -nocrypt -in jira_privatekey.pem -out jira_privatekey.pcks8
openssl x509 -pubkey -noout -in jira_publickey.cer > jira_publickey.pem
Create Application Link with options generic and incoming
On the next screen Consumer Key is OauthKey, Consumer Name is shown to the Use on authorization
and Public Key is from jira_publickey.pem file.
After that python client goes like this
Dependencies setup
python3 -m venv venv
source venv/bin/activate
pip install requests_oauthlib pyjwt cryptographyClient
#!/usr/bin/env python3
import json
import oauthlib
from requests_oauthlib import OAuth1Session
key = "OauthKey"
secret = open("oauth_privatekey.pem").read()
base_url = "https://bitbucket.example.com"
request_token_url = base_url+"/plugins/servlet/oauth/request-token"
access_token_url = base_url+"/plugins/servlet/oauth/access-token"
authorization_base_url = base_url+"/plugins/servlet/oauth/authorize"
access_token = {}
try:
with open("access_token.json") as f:
access_token = json.load(f)
print("Access token loaded")
except Exception:
pass
# Setup session
bitbucket = OAuth1Session(key,
signature_method=oauthlib.oauth1.SIGNATURE_RSA,
rsa_key=secret,
callback_uri='http://127.0.0.1/cb')
if not access_token:
# Fetch a request token
bitbucket.fetch_request_token(request_token_url)
# Redirect user to Bitbucket for authorization
authorization_url = bitbucket.authorization_url(authorization_base_url)
print('Please go here and authorize,', authorization_url)
# Get the authorization verifier code from the callback url
redirect_response = input('Paste the full redirect URL here: ')
bitbucket.parse_authorization_response(redirect_response)
# Fetch the access token
bitbucket.fetch_access_token(access_token_url)
print("Access token saved to disk")
with open("access_token.json", "w") as f:
json.dump(bitbucket.token, f)
else:
bitbucket.token = access_token
if bitbucket.authorized:
print("Authorized")
# Fetch a protected resource, i.e. user profile
username = bitbucket.get(base_url+'/plugins/servlet/applinks/whoami').text
print("Authenticated as user ",username)
profile = bitbucket.get(base_url+'/rest/api/1.0/users/'+username)
print(profile.json())
else:
print("Not auhtorized!")generate oauth rsa key with python
#!/usr/bin/env python3
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
private_key_file = "oauth_privatekey.pem"
try:
with open(private_key_file, "rb") as f:
private_key = serialization.load_pem_private_key(
data=f.read(),
password=None,
backend=default_backend()
)
print("Using existing private key")
except FileNotFoundError as err:
print("Generating new private key")
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend()
)
with open(private_key_file, "wb") as f:
f.write(private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption()
))
print("Public key is:")
print(private_key.public_key().public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo
).decode())