Details
-
Bug
-
Resolution: Fixed
-
Low
-
None
-
1
-
Severity 3 - Minor
-
Description
Issue Summary
Currently we have an issue reported https://jira.atlassian.com/browse/ACCESS-1034 which talks about org level APIs running into an error when we try to fetch the user information for unverified accounts. This behaviour needs to be fixed on User Management or Identity level as well.
For eg. identify one unverified account and run this API call to fetch the information -
You will see an error -
{"key":"forbidden.targetUnverified","context":"Error: Cannot perform action on unverified account","errorKey":"forbidden.target-unverified","errorDetail":"Error: Cannot perform action on unverified account"}C02Y723GJG5J
If this is expected, then the API documentation would need to include this point.
Steps to Reproduce
- Run this curl for unverified accounts -
curl --request GET \ --url 'https://api.atlassian.com/users/{Account id}/manage/profile' \ --header 'Authorization:Bearer <org api token>' \ --header 'Accept: application/json'
- The call would fail
Expected Results
API should either fetch some information since it is on user management level or the expected behaviour needs to be mentioned in the page - https://developer.atlassian.com/cloud/admin/user-management/rest/api-group-users/#api-users-account-id-manage-profile-get
Actual Results
The below exception is thrown in the xxxxxxx.log file:
{"key":"forbidden.targetUnverified","context":"Error: Cannot perform action on unverified account","errorKey":"forbidden.target-unverified","errorDetail":"Error: Cannot perform action on unverified account"}C02Y723GJG5J...
Workaround
Required, if there is no workaround please state:
Currently there is no known workaround for this behavior. A workaround will be added here when available
Attachments
Issue Links
- duplicates
-
ID-7748 Admin API cannot be used on unverified accounts
- Closed