I have tested to create a Rovo agent using forge, the agent role is to fetch ccounts in JSM, and return the users haven’t loged in in last 180days, to help admin for users review, but it fails to fetch the API:
I get this error:
ERROR 2026-06-28T23:46:29.594Z ec49ff6a-940d-49f5-9de5-b8a248e152ba Error: {“code”:401,“message”:“Unauthorized; scope does not match”}
at Object.getGroupMembersFull (webpack://users-review/src/index.js:21:13)
I have tried both const res = await api.asUser() and const res = await api.asApp() but always same error, could you help me to investigate the issue, for information I’m an ORG administrator.
Manifest.yml:
modules:action:- key: get-group-members-fullname: Get Full Group Membershipdescription: Retrieves all users in a group with their detailsfunction: getGroupMembersFullactionVerb: GETinputs:groupId:title: Group IDtype: stringdescription: Atlassian Admin Directory Group IDrovo:agent:- key: users-review-agentname: Users Reviewdescription: Reviews group membership and inactive usersprompt: >You help administrators review Atlassian group membership.Ask for a Group ID if not provided.Use get-group-members-full action and show all returned users.conversationStarters:- Show group members- Find inactive usersactions:- get-group-members-fullfunction:- key: getGroupMembersFullhandler: index.getGroupMembersFullapp:id: ari:cloud:ecosystem::app/1dfefea2-e33d-48c7-af0d-0d73816e08faruntime:name: nodejs24.xmemoryMB: 256architecture: arm64permissions:scopes:- read:jira-user- read:group:jiraexternal:fetch:backend:- api.atlassian.com
Index.js
import api, { route } from '@forge/api';const GROUP_ID = the_id_of_the_group;export async function getGroupMembersFull() {let users = [];// Always start with a SAFE route objectlet nextUrl = route`/rest/api/2/group/member?groupId=${GROUP_ID}`;while (nextUrl) {// ALWAYS pass route object directly hereconst res = await api.asApp().requestJira(nextUrl, {headers: {Accept: 'application/json'}});if (!res.ok) {throw new Error(await res.text());}const data = await res.json();users.push(...(data.values || []));// Paginationif (data.isLast === false && data.nextPage) {// Convert absolute URL → safe route againconst next = new URL(data.nextPage);nextUrl = route`${next.pathname}${next.search}`;} else {nextUrl = null;}}return {groupId: GROUP_ID,total: users.length,users};}
can you help me resolve the permission issue and add the 180days review
thank you in advance for your support.
According to the docs https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-groups/#api-rest-api-3-group-member-get the scopes you need for this endpoint are:
read:group:jira
read:user:jira
read:avatar:jira
You only have read:group:jira.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.