401 Unauthorized with bearer token from OAuth

Hi

I’m having some trouble using the Confluence Cloud API for fetching a user’s groups.

I have an access token given by an OAuth flow. When I do a cURL for spaces, I get a proper response back:

$ curl -X GET https://api.atlassian.com/ex/confluence/[CLOUD_ID]/rest/api/space \
-H "Authorization: Bearer [TOKEN]" \
-H "Content-Type: application/json"

{"results": [...] }

However, if I ask for current user or groups I instead get:

$ curl -X GET https://api.atlassian.com/ex/confluence/[CLOUD_ID]/rest/api/user/current \                                                                                                                                                                   
-H "Authorization: Bearer [TOKEN]" \
-H "Content-Type: application/json"

{"code":401,"message":"Unauthorized"}

The user that was given the access token is an administrator and have access to “Admin & user access” for Confluence Cloud.

If I use my browser to log in as that user and go to https://MY_NAME.atlassian.net/wiki/rest/api/user/current I get the right information back. If I instead go to https://api.atlassian.com/ex/confluence/[CLOUD_ID]/rest/api/user/current I get

{
  message: "Current user not permitted to use Confluence",
  statusCode: 403
}

What can I do from here?

I have the following scopes enabled:

'offline_access',
'read:confluence-content.summary',
'read:confluence-space.summary',
'read:confluence-content.all',
'search:confluence',
'read:confluence-props',
'read:me'

I didn’t have the read:me before, and thought that it might have something to do with it, but no.