Community
Products
Jira
Questions
Unable to call Jira Rest Api as Add-on user and use overrideScreenSecurity

Unable to call Jira Rest Api as Add-on user and use overrideScreenSecurity

Hello guys,

We are developing a jira cloud app and We are facing an issue trying to update a custom field not in screen with parameter overrideScreenSecurity=true

Calling the URL /rest/api/2/issue/'issueKey?overrideScreenSecurity=true throws the error below :

403 - only connect add-on users with admin scope permission are allowed to overwrite screen security.

Looking at this error message, we tried to call the api as the addon user (oAuth / jwt-bearer) but we are not able to connect :
The error message is :
'Add-on \'addon-test-name\' disallowed to impersonate the user because \'no valid active user exists\'' }

However, the add-on user exists and is active.

Is that the way to connect as add-on user and to use overrideScreenSecurity?

Any help would be very much appreciated !

1 answer

0 votes

@Sebastien De Luca

First and foremost I would like to know what does your JSON descriptor file (atlassian-connect.json) looks like for value "scopes" look like.

You need to "ADMIN" in "scopes" value set,

{
  ...

  "scopes": [
    "ADMIN"
  ]
  ...
}

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Scope is :

"scopes": [ "ADMIN","PROJECT_ADMIN","ACT_AS_USER" ],

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

@Sebastien De Lucayour scopes seems to correct. Have you reinstalled addon after changes in scopes, and the user through which you are accessing api is site-admin/jira-administrator ?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Yes, I did that.
The first error message says I need to connect with add-on user

As my understanding, I should use this add-on user (plugin_name) for authentication and api request, but I am not able to authenticate.

The error message is :
'Add-on \'addon-test-name\' disallowed to impersonate the user because \'no valid active user exists\'' }

And with a cloud user who is site-admin, always the same error :
403 - only connect add-on users with admin scope permission are allowed to overwrite screen security.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

@Sebastien De Luca if uninstalling and disabling addon and reinstalling it is not helping, I suggest you take a look at this developer community question and contact Atlassian support, it seems your site might have some problem

https://community.developer.atlassian.com/t/atlassian-addons-admin-group-and-how-its-created-managed/1707/2

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Behavior is weird, I have created a support ticket, waiting for their feedback.

Any other thoughts are more than welcome.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Reply

Suggest an answer

Log in or Sign up to answer

Was this helpful?

Thanks!

TAGS

Community showcase