Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Using API Tokens To Download Attachments
Starting with version 1.8.3 we are also allowing authentication with tokens on the attachment download endpoints for Jira and Confluence.
The workaround described below is not required anymore.
For best security practices we recommend enabling the Disable Basic Authentication with User Password option in the system-wide settings.
Enabling Disable Authentication with Session Cookies provides additional security but requires sending the authentication header with every request.
In order to download attachments, one needs to authenticate against a REST endpoint first and use the session cookie for the subsequent request to retrieve the attachment via the non-REST endpoint. Below are some Curl examples for Jira and Confluence.
Jira
Python
The Jira Python library provides some convenient methods to retrieve Jira content. Please see https://pypi.org/project/jira/ for installation instructions.
The following snippet shows how to authenticate with a user and API token and how to download attachments from an issue.
from jira import JIRA
username = "someuser"
apitoken = "sometoken"
download_folder = "/path/to/download/folder/"
server = "https://<jira-base-url/"
jira = JIRA(basic_auth=(username, apitoken), options={'server': server})
issue = jira.issue(<issue-key>, fields='summary,comment,attachment')
for attachment in issue.fields.attachment:
with open(download_folder + '%s' % (attachment.filename), 'wb') as file:
file.write(attachment.get())Curl
Jira provides details about issue attachments on the following endpoint. The response JSON can be parsed to get the download URL.
https://<jira-url>/rest/api/2/issue/<issueIdOrKey>?fields=attachment
List attachments, get session from API Token authentication at the same time
The following call lists all attachment details for a given issue in Jira and saves the session cookie. You need to parse the JSON output to get the attachment download URL.
curl -c /path/to/some/folder/cookie-jar.txt -u username:apitoken "https://<jira-url>/rest/api/2/issue/<issueIdOrKey>?fields=attachment"Use that session cookie for download or any subsequent calls
The below call shows how to use the session cookie again to download the file, using the download URL retrieved after parsing the response with the call before.
curl -b /path/to/some/folder/cookie-jar.txt "https://<jira-url>/secure/attachment/10100/portallog.jpg" --output /path/to/some/folder/portal_logo.jpgConfluence
Python
Please head over to https://atlassian-python-api.readthedocs.io/confluence.html, the library offers a lot of convenient methods for all sorts of Confluence automation.
Curl
Confluence provides details about page attachments on the following endpoint. The response JSON can be parsed to get the download URL.
https://confluence-url/rest/api/content/<page-id>/child/attachment
List attachments for a page, get session from API Token authentication at the same time
The following call lists all attachment details for a given page id in Confluence and saves the session cookie. You need to parse the JSON output to get the attachment download URL.
curl -c /path/to/some/folder/cookie-jar.txt -u username "https://confluence-url/rest/api/content/<page-id>/child/attachment"Use that session cookie for download or any subsequent calls
The below call shows how to use the session cookie again to download the file
curl -b /path/to/some/folder/cookie-jar.txt "https://confluence-url/download/attachments/1212445/sample.xlsx" --output /path/to/some/folder/sample.xlsx