- Type: Bug
- Resolution: Unresolved
- Priority: Low
- Component/s: Forge - App Monitoring, Logging
- Minor
- Unit testing
Issue Summary:
If we follow the steps in https://developer.atlassian.com/platform/forge/access-rest-apis-exposed-by-a-forge-app/#configure-authorization-and-obtain-an-access-token, create an OAuth client, and then use the auto-generated "Marketplace App:" authorization URL, the generated token doesn't contain all the necessary scopes. As a result, the API call fails with a 401 Unauthorized scope mismatch error.
Steps to Reproduce
- https://developer.atlassian.com/platform/forge/expose-forge-app-rest-apis/
- Install a Forge app that exposes a REST API
- Enable the REST API for the Forge app
- Create an OAuth app
- Add the Forge app's scopes
- Add the Jira or Confluence scopes
  - read:forge-app:jira
  - read:forge-app:confluence
- Check the Authorization URL that's generated in
Expected Results
The "Marketplace App:" authorization URL should contain all the scopes we had selected, such as read:forge-app:jira or read:forge-app:confluence.
Actual Results
The "Marketplace App:" authorization URL only contains the *:custom scopes that we'd added from the app. The other product scopes that we'd selected aren't included; in particular read:forge-app:jira and read:forge-app:confluence, which are actually needed to make the API call, are missing.
As a result, the OAuth authorization code and access token don't have the scopes needed, and the API call fails with a 401 scope mismatch error.
Workaround
We need to manually edit the authorization URL to include all the scopes. To do so we need to
- first URL-decode the link
- then add the scopes
- then URL-encode it back before using it
otherwise, the auth flow can sometimes throw a Too Many Requests error.
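The decode, edit, and re-encode steps of the workaround are easy to get wrong by hand, so here is an added example (not code from Atlassian or the Forge platform) that checks an authorization URL for the required scopes and merges any missing ones into its scope parameter. The sample URL is constructed for illustration: the client_id, state, redirect_uri and the read:example-app:custom scope are placeholders, and the layout assumes a standard OAuth 2.0 authorization request where scope is one space-separated, URL-encoded parameter.

```python
"""Check and patch the scope parameter of an OAuth 2.0 authorization URL.

Added example for the workaround in this ticket; not Atlassian/Forge code.
Assumes a standard OAuth 2.0 authorization request: all query parameters are
percent-encoded and ``scope`` is a single space-separated list.
"""
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

# Constructed sample of an auto-generated "Marketplace App:" URL that only
# carries the app's *:custom scope.  Every value here is a placeholder.
SAMPLE_AUTH_URL = (
    "https://auth.atlassian.com/authorize"
    "?audience=api.atlassian.com"
    "&client_id=PLACEHOLDER_CLIENT_ID"
    "&scope=read%3Aexample-app%3Acustom"
    "&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcallback"
    "&state=PLACEHOLDER_STATE"
    "&response_type=code"
    "&prompt=consent"
)

# Scopes the ticket identifies as needed to call the Forge app's REST API.
REQUIRED_SCOPES = ("read:forge-app:jira", "read:forge-app:confluence")


def scopes_in_url(url: str) -> list[str]:
    """Return the decoded scopes listed in the URL's ``scope`` parameter."""
    query = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return query.get("scope", "").split()


def missing_scopes(url: str, required=REQUIRED_SCOPES) -> list[str]:
    """Scopes from ``required`` that the URL does not request.

    Run this on the generated URL before starting the auth flow: if it
    returns anything, the token obtained from that flow will lack those
    scopes and the API call will fail with the 401 scope mismatch.
    """
    present = set(scopes_in_url(url))
    return [s for s in required if s not in present]


def add_scopes(url: str, extra) -> str:
    """Return ``url`` with the ``extra`` scopes merged into ``scope``.

    This is the ticket's decode -> edit -> encode sequence in one pass:
    parse_qsl decodes every parameter, the scope list is merged (original
    order kept, no duplicates), and urlencode re-encodes the whole query.
    """
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    merged = []
    found = False
    for key, value in params:
        if key == "scope":
            found = True
            scopes = value.split()
            for s in extra:
                if s not in scopes:
                    scopes.append(s)
            value = " ".join(scopes)
        merged.append((key, value))
    if not found:
        merged.append(("scope", " ".join(extra)))
    # quote (not the default quote_plus) encodes spaces as %20, matching the
    # style of the generated URL; urlencode passes safe='' so '/' and ':'
    # inside values such as redirect_uri are encoded too.
    new_query = urlencode(merged, quote_via=quote)
    return urlunsplit(parts._replace(query=new_query))


if __name__ == "__main__":
    print("missing before:", missing_scopes(SAMPLE_AUTH_URL))
    fixed = add_scopes(SAMPLE_AUTH_URL, REQUIRED_SCOPES)
    print("missing after: ", missing_scopes(fixed))
    print(fixed)
```

Paste the returned URL into the browser instead of the generated one; because the function re-encodes the entire query rather than splicing text into the encoded string, the result stays well-formed and the call is idempotent, so running it on an already-patched URL changes nothing.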