[Bugzilla-announce-list] Action Required: Bugzilla - API Authentication changes
Jeff Fearn
jfearn at redhat.com
Tue Feb 1 02:28:13 UTC 2022

TL;DR: From Monday 28th February, applications making API calls to
Bugzilla may no longer authenticate using passwords or supplying API
keys in call parameters. Instead, API keys must be supplied in the
Authorization header.

Support for using the Authorization header has been deployed to all Red
Hat Bugzilla instances. You can change your code at any time and do not
have to wait for the old methods to be disabled.

We will require all authenticated API usage to use this new method; this
will break API access to Red Hat Bugzilla for any tools that don't use
the Authorization header [1].

If you are not certain your tooling authenticates using this header, then
you need to take action to confirm it does and to modify your tooling to
use it if it doesn't.

This new method does away with logging in and out of the API and uses
API_KEYs in a standard Authorization header. This header needs to be
sent with every call to the API.

The old methods will be disabled on a rolling basis across the RHBZ servers.

Target Dates:

https://bugzilla.stage.redhat.com - Mon 07th Feb 00:00 UTC
https://bugzilla.redhat.com - Mon 28th Feb 00:00 UTC

IMPORTANT

If you attempt to use an old method to authenticate to the API after
this change has been made, the API_KEY or password supplied will be
treated as potentially compromised and invalidated immediately. If you
supplied your password then you will need to follow the forgot password
process to reset it. If you supplied an API_KEY it will have been banned
and you will need to generate a new API_KEY in the UI.

This invalidation will happen every time an attempt to use an outdated
authentication method is detected.

If you are using python-bugzilla you need to upgrade to version 3.2.0,
which will automatically use the new method of authentication.

If you are using other tools you will need to look into how they work
and see how to adjust them to use the Authorization header instead of
the other parameters.

If you need assistance understanding how to update your applications,
please reach out to us by the following means.

- If you have an active subscription via https://access.redhat.com/support/
- If you are a Red Hat Partner then please contact your partner
  representative
- Or email us at bugzilla-owner at redhat.com

The Red Hat Bugzilla Team.

[1] https://bugzilla.redhat.com/docs/en/html/api/core/v1/general.html#authentication
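
As an added illustration (not part of the original announcement and not Red Hat's or python-bugzilla's code), the following Python guard builds API requests that authenticate only through the Authorization header and refuses to build one that still carries credentials in call parameters, so a leftover legacy call fails locally instead of getting the key invalidated. The `Bearer` scheme, the list of legacy parameter names and the host `bugzilla.example.test` are assumptions; confirm them against [1] and your own tooling.

```python
import json
import urllib.request
from urllib.parse import urlsplit, parse_qs, urlencode

# Assumed names of parameters that carried credentials in older API calls;
# adjust this set to whatever your own tooling used to send.
LEGACY_FIELDS = {"login", "password", "api_key", "token",
                 "bugzilla_login", "bugzilla_password",
                 "bugzilla_api_key", "bugzilla_token"}


def legacy_auth_fields(url, body=None):
    """Return the credential parameter names found in the query string or JSON body."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    found = {k for k in query if k.lower() in LEGACY_FIELDS}
    if body:
        try:
            data = json.loads(body)
        except ValueError:  # not JSON (or not UTF-8): nothing to inspect
            data = None
        if isinstance(data, dict):
            found |= {k for k in data if k.lower() in LEGACY_FIELDS}
    return sorted(found)


def build_request(base, path, api_key, params=None, body=None):
    """Build a request whose only credential is the Authorization header."""
    url = base.rstrip("/") + path
    if params:
        url += "?" + urlencode(params)
    data = json.dumps(body).encode() if body is not None else None
    bad = legacy_auth_fields(url, data)
    if bad:
        # Fail before anything is sent: the server would treat the
        # credential as compromised and invalidate it.
        raise ValueError("credentials in call parameters: " + ", ".join(bad))
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send an API key over a non-HTTPS URL")
    req = urllib.request.Request(url, data=data)
    # Header must accompany every call; "Bearer" is the assumed scheme, see [1].
    req.add_header("Authorization", "Bearer " + api_key)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req
```

`legacy_auth_fields` can also be run on its own over URLs and request bodies captured from existing tooling to find calls that still need changing before the cut-off dates.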