Type: Bug
Resolution: Fixed
Priority: Medium
Affects Version/s: 11.3.0, 11.3.1, 11.3.2, 11.3.3
Component/s: Jira Service Management
Severity 3 - Minor
Issue Summary
When using the Service Account feature in Jira Data Center, users are unable to access certain REST API endpoints despite having a valid Bearer token.
The issue appears to be a conflict introduced when Jira Service Management (JSM) is installed alongside Jira Software (JSW).
Steps to Reproduce
- Ensure Jira Service Management is installed and enabled on a Jira Data Center instance.
- Create a Service Account and generate client_id and client_secret.
- Generate an OAuth2 token using the following curl command:
    curl -X POST --location 'https://<JIRA_URL>/rest/oauth2/latest/token' \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --data-urlencode 'client_id=<ID>' \
      --data-urlencode 'client_secret=<SECRET>' \
      --data-urlencode 'grant_type=client_credentials' \
      --data-urlencode 'scope=READ WRITE READ_ALL'
- Use the returned Bearer token to call a standard Jira REST API endpoint, for example:
    curl -L -H "Authorization: Bearer <TOKEN>" "https://<JIRA_URL>/rest/api/2/issue/<ISSUE-KEY>"
Expected Results
The API should return the resource data based on the permissions granted to the Service Account.
Actual Results
Via terminal:
The API returns an error response:
{
  "errorMessages": ["This resource is not allowed for 2LO access."],
  "errors": 403
}
Via REST API client (Postman):
The API returns an error response:
HTTP 406 Not Acceptable
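The reproduction steps and the two replies above can be turned into a repeatable check, for example to confirm behaviour after an upgrade. This script is an added example, not part of the original ticket or Atlassian's code; JIRA_URL, CLIENT_ID, CLIENT_SECRET and ISSUE_KEY are environment variables assumed here, and the `access_token` field name assumes the standard OAuth2 token response.

```shell
#!/bin/sh
# Added example, not from the ticket. JIRA_URL, CLIENT_ID, CLIENT_SECRET and
# ISSUE_KEY are assumed environment variables supplied by the operator.

# Pull the token out of the OAuth2 JSON reply (assumes the standard
# "access_token" field; avoids a jq dependency).
extract_token() {
    sed -n 's/.*"access_token" *: *"\([^"]*\)".*/\1/p'
}

# Classify a reply by HTTP status ($1) and body ($2).
classify_response() {
    case "$2" in
        *"not allowed for 2LO access"*) echo "affected"; return ;;
    esac
    case "$1" in
        200) echo "ok" ;;
        406) echo "not-acceptable" ;;   # what the ticket reports from Postman
        *)   echo "other-$1" ;;
    esac
}

check_instance() {
    token=$(curl -s -X POST "$JIRA_URL/rest/oauth2/latest/token" \
        --header 'Content-Type: application/x-www-form-urlencoded' \
        --data-urlencode "client_id=$CLIENT_ID" \
        --data-urlencode "client_secret=$CLIENT_SECRET" \
        --data-urlencode 'grant_type=client_credentials' \
        --data-urlencode 'scope=READ WRITE READ_ALL' | extract_token)
    [ -n "$token" ] || { echo "no-token"; return 1; }

    # Append the status code on its own line so body and status can be split.
    reply=$(curl -s -L -w '\n%{http_code}' \
        -H "Authorization: Bearer $token" \
        "$JIRA_URL/rest/api/2/issue/$ISSUE_KEY")
    status=$(printf '%s\n' "$reply" | tail -n 1)
    body=$(printf '%s\n' "$reply" | sed '$d')
    classify_response "$status" "$body"
}

# Only touch the network when a target has been configured.
if [ -n "${JIRA_URL:-}" ]; then
    check_instance
fi
```

It prints `affected` when the 2LO rejection message appears in the reply and `ok` on an HTTP 200.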
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available.