Symptoms

In the JIRA Issues Macro documentation, it says that you can use Basic Access application link authentication, so that the issues that get displayed are those that the user in the application link has access to. This is no longer working, the only issues that can be viewed by an anonymous user, for example, are the ones that are viewable by an anonymous user in JIRA.

Whilst this makes logical sense from a security standpoint, our documentation explicitly says that you should be able to see any issues that the Basic Access user can see. This was also working in older versions of Confluence/JIRA Issues Macro.

Steps to Reproduce

1. Create an application link between JIRA and Confluence using Basic Access
2. Create a page in Confluence, and add some JIRA issues
3. Make sure that page is anonymously accessible and the JIRA issues are not anonymously accessible
4. Load that page as anonymous (e.g. in incognito mode) and see that no issues are listed if it should be a table, or that only the issue key and no other details are showing if a single issue.