Accessing emailed approval links through a different browser session silently fails

Issue Summary

When a Jira Service Management project is configured with an Approval step in their workflow and this triggers an Approval required customer notification and the notification is enabled with the Approve or Decline buttons, using the approval link with a user account's session silently fails.

This looks to be somewhat of an edge case and a number of steps need to be in place for the issue to occur. The behavior somewhat changes on the account access to the ticket itself meaning if the account in the browser session does not have access to the ticket, the user will see a permission error in the browser.

The primary problem occurs when both users (the intended approver) and the user accessing the approver link have access to view the issue. The most likely occurrence of this issue would be where a user has two active Atlassian Accounts where one account's email address is an alias to the other therefore emails are going to the same inbox.
 

Steps to Reproduce

Project setup:

1. Create a Jira Service Management project and configure a workflow to have an Approval workflow step
2. Configure the Project settings > Customer notifications > Approval required notification to allow approving or declining the approval step via the buttons

User setup:

1. Create an Atlassian Account for the user ie: test@example.com
2. Create a separate Atlassian Account for the alias ie: test+alias@example.com
3. Ensure both accounts have access to the project

Issue setup:

1. Add one of the accounts to the field configured for the approval step
2. Ensure the other account is able to access the ticket ie they're a reporter or request participant for example
3. Transition the issue to trigger the approval workflow so that an email is sent to the user in the approval field

Browset setup

1. Ensure that you are logged into the Atlassian Account that is not the approver in your browser
2. When the email is received click the approve button

Expected Results

The user should see an error to indicate they are unable to approve the issue as they are not an approver.

Actual Results

The customer portal view of the ticket is loaded and no approval action is taken. This failure is silent and there is no indicator of errors to the user to suggest they are interacting with the page using the wrong account.

Note: If the Approvers can use 'Approve' and 'Decline' buttons without being signed in is selected for the approval notification settings, because there is an authenticated session in the browser, this issue still happens.

Workaround

The primary workaround would be to ensure the user's most appropriate account is selected for approval and they are authenticated as that user in the portal.

If there is a need for the user to have multiple Atlassian accounts that share a single inbox, copying the button link and navigating to it in a new incognito or private browser window should either approve if the user does not have to be logged in or will ask the customer to authenticate in the portal.