Call to user search endpoint returns empty result

XMLWordPrintable

    • 2
    • Severity 3 - Minor

      Issue Summary

      You can make API calls towards Jira using a Service account along with either API token or OAuth based authentication.

      Currently requests against the Find users API will not return results when you use OAuth based authentication even if you satisfy every criteria:

      • Service account has the necessary permissions
      • The scopes selected follow the ones mentioned in the public documentation
        • Both classic and granular scopes were tested

      Steps to Reproduce

      • Create a service account
        • Make sure it has access to your site and has the necessary permissions (e.g. Browse users and groups global permission)
      • Create an OAuth token
      • Make a call against the find user endpoint:
        curl --request GET \
          --url https://api.atlassian.com/ex/jira/{CLOUD_ID}/rest/api/2/user/search?query=<EXISTING_USER_EMAIL_ADDRESS> \
          --header 'Authorization: Bearer <OAuth token obtained>' \
          --header 'Accept: application/json'
        

      Expected Results

      You will see the same results you get by calling that endpoint when using email address + API token.

      Actual Results

      No results are found:

      no matches found
      

      Workaround

      As of now, API token authentication works.

      Exclude scope "read:email-address:jira" from API token for Service Account

      Additional information

      The issue happens when scope "read:email-address:jira" is added to credentials on Service Account.

      Please refer to https://jira.atlassian.com/browse/JRACLOUD-97318 for more details.

              Assignee:
              Unassigned
              Reporter:
              Leonardo De Almeida (Inactive)
              Votes:
              2 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: