-
Type:
Bug
-
Resolution: Cannot Reproduce
-
Priority:
High
-
Component/s: Identity Integration - User Search
-
None
-
2
-
Severity 3 - Minor
Issue Summary
You can make API calls towards Jira using a Service account along with either API token or OAuth based authentication.
Currently requests against the Find users API will not return results when you use OAuth based authentication even if you satisfy every criteria:
- Service account has the necessary permissions
- The scopes selected follow the ones mentioned in the public documentation
- Both classic and granular scopes were tested
Steps to Reproduce
- Create a service account
- Make sure it has access to your site and has the necessary permissions (e.g. Browse users and groups global permission)
- Create an OAuth token
- Make a call against the find user endpoint:
curl --request GET \ --url https://api.atlassian.com/ex/jira/{CLOUD_ID}/rest/api/2/user/search?query=<EXISTING_USER_EMAIL_ADDRESS> \ --header 'Authorization: Bearer <OAuth token obtained>' \ --header 'Accept: application/json'
Expected Results
You will see the same results you get by calling that endpoint when using email address + API token.
Actual Results
No results are found:
no matches found
Workaround
As of now, API token authentication works.
Exclude scope "read:email-address:jira" from API token for Service Account
Additional information
The issue happens when scope "read:email-address:jira" is added to credentials on Service Account.
Please refer to https://jira.atlassian.com/browse/JRACLOUD-97318 for more details.
- is duplicated by
-
JRACLOUD-97318 Find users API endpoint returns empty results for Service Accounts with credentials having scope read:email-address:jira
-
- Closed
-