-------- Forwarded Message --------
Subject: [Bugzilla-announce-list] Action Required: Bugzilla - API Authentication changes
Date: Tue, 1 Feb 2022 12:28:13 +1000
From: Jeff Fearn <jfearn@xxxxxxxxxx>
To: bugzilla-announce-list@xxxxxxxxxx

Tl;dr: From Monday 28th February, applications making API calls to Bugzilla may
no longer authenticate using passwords or supplying API keys in call
parameters. Instead, API keys must be supplied in the Authorization header.

Support for using the Authorization header has been deployed to all Red Hat
Bugzilla instances. You can change your code at any time and not have to wait
for the old methods to be disabled.

We will require all authenticated API usage to use this new method; this will
break API access to Red Hat Bugzilla for any tools that don't use the
Authorization header [1].

If you are not certain your tooling authenticates using this header then you
need to take action to confirm it does and to modify your tooling to use it if
it doesn't.

This new method does away with logging in and out of the API and uses API_KEYs
in a standard Authorization header. This header needs to be sent with every
call to the API.

The old methods will be disabled on a rolling basis across the RHBZ servers.

Target Dates:
https://bugzilla.stage.redhat.com - Mon 07th Feb 00:00 UTC
https://bugzilla.redhat.com - Mon 28th Feb 00:00 UTC

IMPORTANT

If you attempt to use an old method to authenticate to the API after this
change has been made, the API_KEY or password supplied will be treated as
potentially compromised and invalidated immediately. If you supplied your
password then you will need to follow the forgot password process to reset it.
If you supplied an API_KEY it will have been banned and you will need to
generate a new API_KEY in the UI.

This invalidation will happen every time an attempt to use an outdated
authentication method is detected.

If you are using python-bugzilla you need to upgrade to version 3.2.0 which
will automatically use the new method of authentication.

If you are using other tools you will need to look into how they work and see
how to adjust them to use the Authorization header instead of the other parameters.

If you need assistance understanding how to update your applications, please
reach out to us by the following means.

- If you have an active subscription via https://access.redhat.com/support/
- If you are a Red Hat Partner then please contact your partner representative
- Or email us at bugzilla-owner@xxxxxxxxxx

The Red Hat Bugzilla Team.

[1] https://bugzilla.redhat.com/docs/en/html/api/core/v1/general.html#authentication
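
The following is an added example, not part of the forwarded announcement or of any Red Hat tooling: a pre-flight guard for custom scripts that builds a request authenticated only through the Authorization header and refuses to send one that still carries credentials in call parameters, since that would get the key or password invalidated. The `Bearer` scheme, the legacy parameter names (taken from upstream Bugzilla's REST documentation) and the `/rest/bug` path are assumptions to check against the documentation linked as [1]; the key is a constructed placeholder.

```python
import urllib.request
from urllib.parse import urlsplit, parse_qsl, urlencode

# Legacy credential parameter names from upstream Bugzilla's REST docs
# (assumed to be the "old methods" the announcement refers to).
LEGACY_AUTH_PARAMS = {
    "api_key", "bugzilla_api_key",
    "login", "password", "bugzilla_login", "bugzilla_password",
    "token", "bugzilla_token",
}

def legacy_auth_params(url, params=None):
    """Return sorted legacy credential names found in the URL query or params."""
    names = [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    names += list(params or {})
    return sorted({n for n in names if n.lower() in LEGACY_AUTH_PARAMS})

def build_request(url, api_key, params=None):
    """Build (not send) a GET request that authenticates via the header only."""
    found = legacy_auth_params(url, params)
    if found:
        # Fail closed: sending these would get the credential invalidated.
        raise ValueError(f"legacy credential parameters present: {found}")
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send an API key over a non-HTTPS URL")
    if params:
        url += ("&" if urlsplit(url).query else "?") + urlencode(params)
    req = urllib.request.Request(url)
    # "Bearer" scheme: assumption, per the authentication docs linked as [1].
    req.add_header("Authorization", f"Bearer {api_key}")
    return req

if __name__ == "__main__":
    # Staging host from the announcement; the /rest/bug path is an assumption.
    base = "https://bugzilla.stage.redhat.com/rest/bug"
    key = "CONSTRUCTED-EXAMPLE-KEY"  # constructed placeholder, not a real key
    ok = build_request(base, key, {"id": "12345"})
    print(ok.full_url, "->", ok.get_header("Authorization"))
    # Constructed URLs showing the old style the guard is meant to catch.
    for bad in (base + "?id=12345&api_key=" + key,
                base + "?Bugzilla_api_key=" + key):
        print("blocked:", legacy_auth_params(bad))
```

Running the guard against the staging instance first limits the cost of a missed legacy call path, because the old methods are disabled there three weeks before production.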