It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Jira access from Bitbucket ScriptRunner authorization error

Hello I’m hoping someone can shed some light on this problem.  I’m trying to do a simple call from ScriptRunner on Bitbucket, running as a custom event handler during a pull request.  For now, I’m just trying to get the contents of a Jira issue to process but I keep getting authorization errors.

Our Bitbucket is configured to have an application link to Jira using local OAuth authentication in both directions.

I’ve shown the script portion below.  I’ve tried using various request factory with different results.  I’ve reviewed all the community responses I can find and none give me any more ideas besides passing credentials, which I believe it not supposed to be done anymore?

When I use createImpersonatingAuthenticatedRequestFactory or createAuthenticatedRequestFactory it will generate a "CredentialsRequiredException" with message "You do not have an authorized access token for the remote resource".  The same goes if I try just a normal createRequestFactory.  If I use the createNonImpersonatingAuthenticatedRequestFactory it does not generate an exception but returns a response code of 401 in the log.

String jiraTicket = "BTP-1" // test ticket on engdev Jira board BTP
def jiraLink = getJiraAppLink()

// note: createNonImpersonatingAuthenticatedRequestFactory does not cause
// an exception but returns code 401
// createImpersonatingAuthenticatedRequestFactory causes an
// exception (no authorized access token)
// createAuthenticatedRequestFactory causes an exception (no
// authorized access token)
def requestFactory = jiraLink.createNonImpersonatingAuthenticatedRequestFactory()
requestFactory
.createRequest(Request.MethodType.GET, "rest/api/latest/issue/" +
jiraTicket)
.addHeader("Content-Type", "application/json")
.execute([
handle: { Response response ->
if (response.isSuccessful()) {
log.info("received successful response")
String responseString = response.getResponseBodyAsString()
log.info(responseString)
} else {
log.info("Failed to get response from Jira: code " +
response.getStatusCode())
log.info("Text: " + response.getStatusText())
}
}] as ApplicationLinkResponseHandler<Void>
)

 

1 answer

1 accepted

Hi Brian,

Thank you for your post.

Have you seen ScriptRunner for Bitbucket's documentation page on interacting with Jira via an AppLink?

The documentation can be found here: https://scriptrunner.adaptavist.com/latest/bitbucket/interacting-with-other-apps-via-applinks.html

Please let me know if this answers your questions?

Kind regards,

Robert Giddings,

Product Manager for ScriptRunner for Bitbucket.

Hi Robert.  Thanks for the documentation reference.  I've tried that without success.  When I use that method I get the "You do not have an authorized access token for the remote resource" response.  I did note an interesting thing right below that where it fails in ThreeLeggedOAuthRequestFactoryImpl.  I've seen references to two-legged authorization but not three.

Our Bitbucket is linked to Jira as shown here.

2019-12-18 07_53_13-Window.png

I've tried the various request factories (NonImpersonating, Impersonating, Authenticated) and all fail.  I don't know if that's some issue with the way are authentication is being done.

I tried a custom REST endpoint in Jira and I can get that to work, at least with allowing anonymous users.

Hi Brian,

Are you able to set your Outgoing and Incoming connections as "OAuth (impersonation)"?

This can be done, if you have the same users in both Bitbucket and Jira.

If you can set your connections to "OAuth (impersonation)", then I would follow exactly the code examples in either "Making Requests as the current User" or "Making Requests as another User" sections of the documentation to see that it works OK?

If your connections must remain as "OAuth" (i.e. because the users are different in Bitbucket and Jira), then I would follow exactly the code example in "Two-legged OAuth without impersonation" section of the documentation to see that it works OK?

Here is the reference to the documentation: https://scriptrunner.adaptavist.com/latest/bitbucket/interacting-with-other-apps-via-applinks.html

Kind regards,

Robert Giddings,

Product Manager for ScriptRunner for Bitbucket

Thank you, Robert.  Our environment has the connections as "OAuth" so I'll have to check with I.T. to find out if there is a reason they don't want to have it set to "OAuth (impersonation)".  As a test, I set our test environment connections that way and I was able to get the Jira ScriptRunner script to access data correctly when called from the Bitbucket ScriptRunner script.  I'll also test the two-legged OAuth without impersonation like you suggested in case I cannot get the connections changed.

 

Brian

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you