/rest/api/3/issue/createmeta/{projectIdOrKey}/issuetypes/{issueTypeId} API autoCompleteUrls are not accessible via Bearer token

XMLWordPrintable

    • 1
    • Minor
    • 1

      Summary

      Some autoCompleteUrls returned via the below endpoint are not accessible through OAuth token and return 401 error, while they work via Basic Authentication:

      Steps to Reproduce

      Make a call to the following endpoint via OAuth 2.0

      curl --location 'https://api.atlassian.com/ex/jira/{cloudId}/rest/api/3/issue/createmeta/{projectIdOrKey}/issuetypes/{issueTypeId}' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer xxxx'

      Using the response you got from the endpoint above, make a get request to the autoCompleteUrl via Oauth 2.0 like the ff:

      curl --location 'https://api.atlassian.com/ex/jira/{cloudId}/rest/api/3/user/assignable/search?project={projectKey}&query=' \
--header 'Authorization: Bearer xxxxx' 

      AutoCompleteURLs accessible via Bearer Token

      • /rest/api/3/user/assignable/search?project={projectKey}&query=
      • /rest/api/3/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true&currentIssueKey=null&query=

      AutoCompleteUrls not accessible via Bearer token

      • /rest/api/1.0/labels/suggest?query=
      • /gateway/api/v1/recommendations (Note: This Url is not working neither via Basic OAuth nor Bearer token )
      • /rest/api/3/user/recommend?context=Reporter&issueKey= 

      Some urls being returned can be accessed via Oauth 2.0, some are not. 

      Expected Results

      As for /rest/api/1.0/labels/suggest?query= endpoint, we expect to see a result as below: (We get the this response when accessing the endpoint via Basic OAuth)

      <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <suggestionListStruct>
<token></token>
<suggestions>
<label>LabelName1</label>
<html>&lt;b&gt;&lt;/b&gt;LabelName1</html>
</suggestions>
<suggestions>
<label>LabelName2</label>
<html>&lt;b&gt;&lt;/b&gt;LabelName2</html>
</suggestions>
</suggestionListStruct>

      Actual Results

      While trying to access the /rest/api/1.0/labels/suggest?query= endpoint via Bearer token, we encounter the below error:

      { "code": 401, "message": "Unauthorized; scope does not match"}

      Workaround

      Currently there is no workaround.

        1. screenshot-1.png
          391 kB
          Jiaqi Xi

            Assignee:
            Unassigned
            Reporter:
            Rosa Faghihi (Inactive)
            Votes:
            3 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: