Current user not permitted to use Confluence

Jun Luo @ chatbees.ai April 11, 2024

We developed an App that user can grant the access permission to their confluence to us. Once the App is authed, we store the refresh token and access token.

We created a test account that has a single admin user and one test space. The test uses confluence python client 3.41.10 to access the confluence page, like below

from atlassian import Confluence

cf = Confluence(url=confluence_cloud_url, token=access_token)

cf.get_all_pages_from_space(space='TestSpace')

get exception: requests.exceptions.HTTPError: Current user not permitted to use Confluence

 

The weird thing is: this simple test program worked last week, but suddenly failed this week. Any idea?

3 answers

1 accepted

1 vote
Answer accepted
Jun Luo @ chatbees.ai April 13, 2024

Find the solution. When making requests with OAuth 2.0 (3LO) , we need to direct them to api.atlassian.com, not to the personal Atlassian domain. Need to get the cloud id for the personal domain first.

curl --request GET \

--url https://api.atlassian.com/oauth/token/accessible-resources \

--header 'Authorization: Bearer access_token' \

--header 'Accept: application/json'

And get like "id":"bb601347-ea5d-4dbc-901f-ddbf430dd37d".

Then get Confluence space content with url https://api.atlassian.com/ex/confluence/bb601347-ea5d-4dbc-901f-ddbf430dd37d/wiki/rest/api/content

0 votes
Jun Luo @ chatbees.ai April 11, 2024

curl --request GET \
--url https://api.atlassian.com/oauth/token/accessible-resources \
--header 'Authorization: Bearer access_token' \
--header 'Accept: application/json'

response:

[{"id":"bb601347-ea5d-4dbc-901f-ddbf430dd37d","url":"https://goo-test.atlassian.net","name":"goo-test","scopes":["read:content:confluence"],"avatarUrl":"https://site-admin-avatar-cdn.prod.public.atl-paas.net/avatars/240/triangle.png"}]%

 

But

curl --request GET \
--url https://goo-test.atlassian.net/wiki/rest/api/content \
--header 'Authorization: Bearer same_access_token' \
--header 'Accept: application/json'

response:

{"message":"Current user not permitted to use Confluence","statusCode":403}

0 votes
Jun Luo @ chatbees.ai April 11, 2024

any one can help? try curl directly,

curl -D- \ -X GET \ -H "Authorization: Basic access_token" \ -H "Content-Type: application/json" \ "https://<your-domain.atlassian.net>/wiki/rest/api/space"

get:

<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Basic Authentication Failure</p><p><b>Description</b> The request has not been applied to the target resource because it lacks valid authentication credentials for that resource.</p><hr class="line" /><h3>Apache Tomcat/9.0.87</h3></body></html>%

 

If I use the API token, get_all_pages_from_space() works. but not with the access token via OAuth.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events