Unable to access users/search API from Atlassian Connect app

Matt Klein November 21, 2019

We've got an Atlassian Connect app for Jira Cloud. When we install the app into a Jira Cloud instance, we want to be able to call the users/search API on behalf of the app. However, when we try, our call to users/search fails with an HTTP 403 (Forbidden).

The API documentation indicates that users/search requires the "Browse users and groups global permission". However, it's not clear how to grant this permission to an Atlassian Connect app. The app descriptor for an Atlassian Connect app is controlled by scopes. Our Connect app declares the READ scope. It's not clear how the scopes relate to global permissions.

Is there something I can do to make the Atlassian Connect app authorized to call the users/search API? Is there something I can do to the Connect app descriptor file to grant the app the "Browse users and groups" global permission?

2 comments

DPKJ
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
November 21, 2019

@Matt KleinI think you are using wrong application scope.

  • READ scope implies that you can call READ (i.e.) request from your application in front-end. By using AP.request in JS API.
  • If you want to call from your application (i.e. back-end) on behalf of some user you will need to set, 'ACT_AS_USER' scope.
Matt Klein November 22, 2019

Oh thanks, looks promising! I'll give that a try.

Matt Klein November 22, 2019

Thanks again for the suggestion. I've been experimenting with that but I still can't get my Atlassian Connect app to successfully call the users/search API. When I use the ACT_AS_USER scope, which user is the Connect app acting as? And how do I assign whatever user that is the global permission "Browse users and groups" that seems to be required?

I see that there's apparently a built-in group called "atlassian-addons-admin", so I suspected that might be the user the Atlassian Connect app is acting as, but even after I've granted that group the "Browse users and groups" global permission, I still get an HTTP 403 (Forbidden) when I call the users/search API.

Radovan Vacek August 16, 2023

Hi, did you ever resolve this? I am fighting with the same...

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events