Missing "read:folder:confluence" OAuth Scope Causes 401 Unauthorized on Folder API Endpoints

    • 1
    • Severity 3 - Minor

      Issue Summary

      The OAuth 2.0 scope "read:folder:confluence" is missing from the list of selectable granular scopes for the Confluence REST API, resulting in 401 Unauthorized errors when service accounts attempt to access folder endpoints.

      Steps to Reproduce

      1. Create or use a service account.
      2. Assign all available Confluence read scopes to the service account, excluding "read:folder:confluence" (since it is not selectable).
      3. Attempt to make a GET request to the following Confluence REST API endpoints:
      4. Observe the API response.

      Expected Results

      The API call should succeed, returning the requested folder or folder properties data, provided the service account has all necessary read permissions.

      Actual Results

      The API call fails with a 401 Unauthorized error and the message:

      {
        "code": 401,
        "message": "Unauthorized; scope does not match"
      }

      Despite all available read scopes being assigned, access is denied because "read:folder:confluence" is not present in the selectable scopes.
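
A triage helper for this failure mode, added here as an example (it is not Atlassian code and not part of the original report): it separates the scope-mismatch 401 quoted above from a 401 caused by the credential itself, and reports whether the required scope is absent from the account's configured scopes. The function name, verdict labels and sample scope list are assumptions made for the example; the caller supplies the granted scopes.

```python
import json

# Scope name and error text are taken from the issue above.
REQUIRED_SCOPE = "read:folder:confluence"
SCOPE_MISMATCH_TEXT = "scope does not match"

def triage_response(status, body, granted_scopes, required=REQUIRED_SCOPE):
    """Classify one response to a service-account API call.

    status         -- HTTP status code
    body           -- raw response body (str); may be empty or non-JSON
    granted_scopes -- scopes configured on the account (operator-supplied)
    Returns a (verdict, detail) tuple; the verdict labels are hypothetical.
    """
    if 200 <= status < 300:
        return ("ok", "request authorized")
    if status != 401:
        return ("other", f"HTTP {status} is outside this check")

    # Proxies and gateways may answer 401 with HTML or an empty body.
    try:
        parsed = json.loads(body) if body else {}
    except ValueError:
        parsed = {}
    message = str(parsed.get("message", "")) if isinstance(parsed, dict) else ""

    if SCOPE_MISMATCH_TEXT not in message.lower():
        # No scope message: look at the credential, not the scope list.
        return ("credential", message or "401 without a parsable message")

    granted = {s.strip() for s in granted_scopes}
    if required not in granted:
        return ("missing_scope", f"{required} is not among the granted scopes")
    # Scope is configured, yet the server still reports a mismatch.
    return ("scope_rejected", f"{required} is granted but was not accepted")

# Constructed sample input: the body is the response quoted in the issue,
# the scope list is an illustrative set of other Confluence read scopes.
SAMPLE_BODY = '{"code": 401, "message": "Unauthorized; scope does not match"}'
SAMPLE_GRANTED = ["read:page:confluence", "read:space:confluence"]

if __name__ == "__main__":
    print(triage_response(401, SAMPLE_BODY, SAMPLE_GRANTED))
```
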

      Workaround

      Currently, there is no direct workaround, as the required "read:folder:confluence" scope is not available for selection or assignment to service accounts.

      Until the scope is made available, folder endpoints can't be accessed via the REST API using service accounts.

              Assignee:
              Nick Bourlier
              Reporter:
              Vinod Reddy - [Atlassian Support]
              Votes:
              1
              Watchers:
              1