Add cookie support

johanneslarsson · johanneslarsson · commit b3fdecab99c5 · 2026-04-07T13:58:08.000+02:00
diff --git a/README.md b/README.md
@@ -94,6 +94,22 @@ Follow the [installation guide](https://github.com/ankitpokhrel/jira-cli/wiki/In
 2. Run `jira init`, select installation type as `Cloud`, and provide required details to generate a config file required
    for the tool.
 
+#### Cloud server where PAT or OAuth is unavailable
+
+Some tenants have disabled or restricted the ability to create personal Jira API tokens / OAuth credentials. In these cases, you can fall back to the browser session cookie `tenant.session.token`. Note that this cookie usually expires in about 24 hours, so you will need to refresh it periodically.
+
+1. Log in to Jira with your browser. Open the developer tools (Application/Storage tab) and find the cookie value for `tenant.session.token`. Then set the environment variable `JIRA_API_TOKEN` to that value.
+
+```sh
+export JIRA_API_TOKEN=ey..
+```
+
+2. Bootstrap your CLI
+
+```sh
+jira init --installation cloud --server https://<COMPANY>.atlassian.net --auth-type cookie --project ABC
+```
+
 #### On-premise installation
 
 1. Export required environment variables:
@@ -119,9 +135,10 @@ See [FAQs](https://github.com/ankitpokhrel/jira-cli/discussions/categories/faqs)
 
 #### Authentication types
 
-The tool supports `basic`, `bearer` (Personal Access Token), and `mtls` (Client Certificates) authentication types. Basic auth is used by
+The tool supports `basic`, `cookie` (browser session), `bearer` (Personal Access Token), and `mtls` (Client Certificates) authentication types. Basic auth is used by
 default.
 
+* If you want to use a browser session cookie, set `--auth-type cookie` (or `JIRA_AUTH_TYPE=cookie`) and set `JIRA_API_TOKEN` to the value of `tenant.session.token`.
 * If you want to use PAT, you need to set `JIRA_AUTH_TYPE` as `bearer`.
 * If you want to use `mtls` run `jira init`. Select installation type `Local`, and then select authentication type as `mtls`.
   * In case `JIRA_API_TOKEN` variable is set it will be used together with `mtls`.
diff --git a/internal/cmd/init/init.go b/internal/cmd/init/init.go
@@ -40,7 +40,7 @@ func NewCmdInit() *cobra.Command {
 	cmd.Flags().String("installation", "", "Is this a 'cloud' or 'local' jira installation?")
 	cmd.Flags().String("server", "", "Link to your jira server")
 	cmd.Flags().String("login", "", "Jira login username or email based on your setup")
-	cmd.Flags().String("auth-type", "", "Authentication type can be basic, bearer or mtls")
+	cmd.Flags().String("auth-type", "", "Authentication type can be basic, cookie, bearer or mtls")
 	cmd.Flags().String("project", "", "Your default project key")
 	cmd.Flags().String("board", "", "Name of your default board in the project")
 	cmd.Flags().Bool("force", false, "Forcefully override existing config if it exists")
diff --git a/internal/config/generator.go b/internal/config/generator.go
@@ -229,10 +229,11 @@ func (c *JiraCLIConfigGenerator) configureLocalAuthType() error {
 	if c.usrCfg.AuthType == "" {
 		qs := &survey.Select{
 			Message: "Authentication type:",
-			Help: `Authentication type coud be: basic (login), bearer (PAT) or mtls (client certs)
+			Help: `Authentication type could be: basic (login), cookie (browser session), bearer (PAT) or mtls (client certs)
 ? If you are using your login credentials, the auth type is probably 'basic' (most common for local installation)
+? If you are using a browser session cookie, choose 'cookie'
 ? If you are using a personal access token, the auth type is probably 'bearer'`,
-			Options: []string{"basic", "bearer", "mtls"},
+			Options: []string{"basic", "cookie", "bearer", "mtls"},
 			Default: "basic",
 		}
 		if err := survey.AskOne(qs, &authType); err != nil {
diff --git a/pkg/jira/client.go b/pkg/jira/client.go
@@ -281,6 +281,8 @@ func (c *Client) request(ctx context.Context, method, endpoint string, body []by
 		}
 	case string(AuthTypeBearer):
 		req.Header.Add("Authorization", "Bearer "+c.token)
+	case string(AuthTypeCookie):
+		req.Header.Add("Cookie", "tenant.session.token="+c.token)
 	case string(AuthTypeBasic):
 		req.SetBasicAuth(c.login, c.token)
 	}
diff --git a/pkg/jira/types.go b/pkg/jira/types.go
@@ -7,14 +7,16 @@ import (
 const (
 	// AuthTypeBasic is a basic auth.
 	AuthTypeBasic AuthType = "basic"
-	// AuthTypeBearer is a bearer auth.
+	// AuthTypeCookie is a cookie (browser session) auth.
+	AuthTypeCookie AuthType = "cookie"
+	// AuthTypeBearer is a bearer (PAT) auth.
 	AuthTypeBearer AuthType = "bearer"
 	// AuthTypeMTLS is a mTLS auth.
 	AuthTypeMTLS AuthType = "mtls"
 )
 
 // AuthType is a jira authentication type.
-// Currently supports basic and bearer (PAT).
+// Currently supports basic, cookie, bearer (PAT) and mtls (client certificates).
 // Defaults to basic for empty or invalid value.
 type AuthType string
 

Original file line number	Diff line number	Diff line change
`@@ -281,6 +281,8 @@ func (c *Client) request(ctx context.Context, method, endpoint string, body []by`
`281`	`281`	`}`
`282`	`282`	`case string(AuthTypeBearer):`
`283`	`283`	`req.Header.Add("Authorization", "Bearer "+c.token)`
	`284`	`+ case string(AuthTypeCookie):`
	`285`	`+ req.Header.Add("Cookie", "tenant.session.token="+c.token)`
`284`	`286`	`case string(AuthTypeBasic):`
`285`	`287`	`req.SetBasicAuth(c.login, c.token)`
`286`	`288`	`}`