Reputation:
JIRA REST API performance - OAuth vs HTTP Basic Authentication
Following the doco of JIRA REST API, OAuth and HTTP Basic are two recommended authentication. We are using the HTTP Basic one with https, which works good and safe.
Is there any difference on performance between them?
Upvotes: 4
Views: 4571
Answers (1)
Reputation: 80633
Excluding initial token negotiation, OAuth is still computationally more expensive than Basic Authentication, given the larger size of the secured payload, and the signing requirements. A non-exhaustive list of extra logic that needs to be carried out:
- Request parameter normalization
- Request URI normalization
- Generate nonce
- Request signature calculation
- Reverse entire process on the receiving end
Compared with basic authentication which requires a very simple hashing in order to calculate the single required header - OAuth is without a doubt a more expensive authentication. But, the important thing to realize is that the two authentication mechanisms serve entirely different purposes. Basic Auth is for authenticating a client to a primary application. OAuth is for authorizing a third party to access client data from a primary application. Both have their place and selecting one over the other should be driven by the particular use case of the implementation.
Upvotes: 12
Related Questions
- JIRA - Java API or REST API
- Jira Rest API is slow
- Add JIRA OAuth to my WebApp
- Jira Rest Java Client
- Connect Java rest API to JIra
- Using OAuth with Jira REST calls in .NET / F#
- JIRA REST API - Basic Authentication
- Authenticating with JIRA
- What technology to use for accessing Jira 3.13.2?
- RESTful authentication - resulting poor performance on high load?