[BAM-15834] OAuth requests made using application links will be processed as unauthorized.

Type: Bug
Resolution: Unresolved
Priority: Low
Fix Version/s: None
Affects Version/s: 5.6.0
Component/s: AppLinks
Labels:
None

Support reference count:
7
Symptom Severity:
Severity 3 - Minor
UIS:
1
Bug Fix Policy:
View Atlassian Server bug fix policy

The following is being thrown into our Bamboo logs quite frequently

2015-04-09 13:49:02,457 INFO [http-bio-80-exec-98] [AccessLogFilter] 10.40.32.134 GET http://bamboo.starkey.com/rest/remote-event/1/status 1417666kb
2015-04-09 13:49:02,644 WARN [http-bio-80-exec-21] [AuthenticatorImpl] No executing user assigned for 2LO requests
2015-04-09 13:49:02,644 INFO [http-bio-80-exec-21] [AuthenticatorImpl] Authenticated app 'jira:6452512' as user 'null' successfully

This looks similar to ~~FE-5126~~. Requests coming from JIRA along the app link are coming as "null", which is throwing these warnings. The apps authenticate just fine, but these warnings are thrown frequently ~ every 30 seconds

is related to

FE-5126 OAuth application link requests might fail to be verified if AJP or Crowd SSO authentication is enabled

Closed

was cloned as: BDEV-8835 Loading...

Peter Körner added a comment - 03/Aug/2023 11:00 AM

This is kind-of still a thing in 2023, is it?

We see a Problem with Jira 9.4.8 and Bamboo 9.3.1:

In our bamboo only specific groups can login and see things.
Jira is connected to bamboo via OAuth with impersonation
The HTTP Request from Jira contains an `xoauth_requestor_id`
The HTTP Response from Bamboo is a 403 with `message: "No global READ permission"`
Restoring visibility for Anonymous Users in Bamboo restores Access via Jira

As a workaround we changed from "OAuth with Impersonation" to regular "OAuth" which helps, but is merely a workaround because it requires all Users to authorize, one by one.

Peter Körner added a comment - 03/Aug/2023 11:00 AM This is kind-of still a thing in 2023, is it? We see a Problem with Jira 9.4.8 and Bamboo 9.3.1: In our bamboo only specific groups can login and see things. Jira is connected to bamboo via OAuth with impersonation The HTTP Request from Jira contains an `xoauth_requestor_id` The HTTP Response from Bamboo is a 403 with `message: "No global READ permission"` Restoring visibility for Anonymous Users in Bamboo restores Access via Jira As a workaround we changed from "OAuth with Impersonation" to regular "OAuth" which helps, but is merely a workaround because it requires all Users to authorize, one by one.

Jagadeesh_M added a comment - 03/Jun/2021 11:21 AM

We have been facing this issue in 6.9.2 and when we upgraded to 7.2.4 also we are seeing this problem

Jagadeesh_M added a comment - 03/Jun/2021 11:21 AM We have been facing this issue in 6.9.2 and when we upgraded to 7.2.4 also we are seeing this problem

Assignee:: Unassigned

Reporter:: Robert Nelson

Affected customers:: 11 This affects my team

Watchers:: 11 Start watching this issue

Created:: 09/Apr/2015 7:00 PM

Updated:: 30/Mar/2025 2:36 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: Peter Körner added a comment - 03/Aug/2023 11:00 AM

Expand comment: Peter Körner added a comment - 03/Aug/2023 11:00 AM

Collapse comment: Jagadeesh_M added a comment - 03/Jun/2021 11:21 AM

Expand comment: Jagadeesh_M added a comment - 03/Jun/2021 11:21 AM

People

Dates