OAuth 2.0 is not enabled for this method

Hi Dario!

Here https://jira.atlassian.com/browse/JRACLOUD-72126 people are able to hit `V3` endpoint and issue appears for the `latest` only.

In my case it doesn't work for V3 either (when using OAuth 2.0), but the same mechanism allows to access almost all the endpoints. I think its a Jira API limitation because all the doc pages but this have OAuth scopes required mentioned.

I will try to figure out request details follow up. But could you please check maybe its documented limitation.

Regards, Volodymyr

Here are request details:

HttpRequest{method=GET, uri=https://api.atlassian.com/ex/jira/91d237d6-0c68-47c8-a8f6-885f45dfc126/rest/api/3/customField/10036/options, headers=[Pair{Authorization=Bearer ey#REDACTED#mg}, Pair{ATL-TraceId=1364dd31-19a5-4530-85be-547c914ca5f0}], body=null}

Nothing special... 

Headers from curl:

HTTP/2 403 

vary: Accept-Encoding,Accept-Encoding

content-type: application/json;charset=UTF-8

strict-transport-security: max-age=315360000; includeSubDomains; preload

date: Sat, 11 Apr 2020 06:21:06 GMT

x-request-id: c60dabe49804393f

x-arequestid: 816a81bb-5842-4a19-b00a-282a665e39f9

x-application-context: Stargate:prod,prod-euwest:8080

x-xss-protection: 1; mode=block

timing-allow-origin: *

x-content-type-options: nosniff

micros-issuer: micros/edge-authenticator

x-frame-options: SameOrigin

expect-ct: report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", enforce, max-age=86400 

 Response:

{"errorMessages":["OAuth 2.0 is not enabled for this method."]}

Hello @Volodymyr OSTAPIV ,

I have checked with DEV and I got confirmation that those endpoints are indeed not enabled for Oauth2 and that you should use the ones for apps instead:

These endpoints are not enabled for 3LO apps.

Instead use this ones:
https://developer.atlassian.com/cloud/jira/platform/rest/v3/?utm_source=%2Fcloud%2Fjira%2Fplatform%2Frest%2F&utm_medium=302#api-group-Issue-custom-field-options--apps-

Can you kindly confirm above endpoints are working for you?

Cheers,
Dario

Hi Dario.

1. The documentation says that endpoint is used for custom fields created by Connected Apps and this is not a case.

2. Tried to GET from rest/api/3/customfield_10035/option (customfield_10035 is my custom field key) and got 404

Hi @Volodymyr OSTAPIV ,

As mentioned in the documentation:

fieldKey REQUIRED

string

 

The field key is specified in the following format: $(app-key)__$(field-key). For example, example-add-on__example-issue-field. To determine the fieldKey value, do one of the following:

• open the app's plugin descriptor, then app-key is the key at the top and field-key is the key in the jiraIssueFields module. app-key can also be found in the app listing in the Atlassian Universal Plugin Manager.
• run Get fields and in the field details the value is returned in key. For example, "key": "teams-add-on__team-issue-field"

Also, still according to the documentation, Oauth 2 is only supported for apps (see below):

Which authentication method should I use?

• Connect apps: Use JWT. You can also use OAuth 2.0 user impersonation.
• Other apps: Use OAuth 2.0 (3LO) for authentication and authorization.
• Not using an app: Use OAuth 1.0a. See OAuth for REST APIs (Jira platform), OAuth for REST APIs (Jira Service Desk), or OAuth for REST APIs (Confluence).

Therefore, I have asked DEV to clarify:

• If the given endpoints are working with Oauth2 (3LO) for apps or only with connect apps
• If they only works for fields created by the app (using those methods)

In the meanwhile, can you le me know:

1. How was the custom field you are trying to access created?
2. Are you building an app or just authenticating REST API calls?
3. Are you using OAuth 2.0 (3LO) for apps or OAuth for REST APIs or anything else?

For further details, you might want to see the below post on the developers community:

• https://community.developer.atlassian.com/t/not-able-to-create-options-for-customfields/36250/3

Finally, for the future, please notice that this is not the best place to get help on development  related questions. The right resources are listed in https://developer.atlassian.com/resources. 

Specifically:

• Ask the Developers Community
• Create a Developer Support Request

Cheers,
Dario

Hi Dario,

1. Field was created by the user from the Jira UI itself, it's not created by application.

2. We use https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/ but we are not building Connected App, what we are going to build matches Other apps

3. I was able to hit that endpoint using login\password auth but we'd like to use OAuth 2.0 and it was actually the reason to ask.

Just to know if its really not supported and if it's going to be supported in the future 

Thanks for your quick reply @Volodymyr OSTAPIV ,

By reviewing the documentation, it definitely looks like: 

• Oauth 2 (3LO) is not supported for the Issue custom field options endpoints (no OAuth scopes required).
• Oauth 2 (3LO) is supported for the Issue custom field options (apps) but they can only be used for custom fields created by apps.

I am waiting for DEV to confirm this is the case and/or provide more details on plans to have this implemented.

Cheers,
Dario

Hello @Volodymyr OSTAPIV ,

After further discussing this with dev, I have been advised to open the below feature request to have those endpoints enabled for 3LO apps:

• [ACJIRA-2103] Oauth 2 (3LO) is not supported for the Issue custom field options endpoints 

You may want to vote and watch the above feature request so that you will get notified in case of any update. The  feature will be addressed according to the Implementation of New Features Policy.

Also, for the future, please notice that this is not the best place to get help on development  related questions. The best resources are the ones listed in https://developer.atlassian.com/resources. 

Specifically:

• Ask the Developers Community
• Create a Developer Support Request

Have a nice weekend.

Cheers,
Dario

Great! Thanks!

You are very welcome @Volodymyr OSTAPIV ! :) 

Also, I am accepting the answer so that this thread will be marked as answered. 

Cheers,
Dario