403/401 when trying to use the v3 API

Hi,

I’m trying to create a new issue type using the V3 API.
I have a Forge Custom UI app and I’m calling this endpoint from a web-trigger.

When I use asApp():

await api.asApp().requestJira( route`/rest/api/3/issuetype`, {
		method: 'POST',
		headers: {
			'Accept': 'application/json',
			'Content-Type': 'application/json'
		},
		body: bodyData
	} );

I always get this error:

INFO    10:06:16.588  0727b00aef3dc0b3  {
  errorMessages: [
    'You are not authorized to perform this act
ion. Administrator privileges are required.'
  ],
  errors: {}
}

When I try to do the same with asUser():

await api.asUser().requestJira( route`/rest/api/3/issuetype`, {
		method: 'POST',
		headers: {
			'Accept': 'application/json',
			'Content-Type': 'application/json'
		},
		body: bodyData
	} );

I always get this error:

INFO    10:21:33.574  793bd3790d48c036  {
  message: 'Authentication required',
  name: 'NEEDS_AUTHENTICATION_ERR',
  status: 401,
  serviceKey: 'atlassian-token-service-key'
}

I’m pretty lost here… BTW, the same happens when I try to create custom fields.
Any Idea how to overcome this issue?

** I’m the ORG admin, so I’m expecting it to work…

@amityahav could you share your app manifest permissions please?

Hi @Dmitrii,

Here they are:

permissions:
  scopes:
    - write:jira-work
    - storage:app
    - read:jira-work
    - read:me
    - manage:jira-configuration
    - manage:jira-project
  content:
    styles:
      - 'unsafe-inline'

:wave: Hi!

I have a Forge Custom UI app and I’m calling this endpoint from a web-trigger.

Web-triggers currently only support asApp() calls - not asUser(). This is due to the fact that we can’t pass a user context to webtriggers, as in theory they could be triggered from anywhere on the internet.


I believe what you’re looking for here is probably https://developer.atlassian.com/platform/forge/runtime-reference/custom-ui-resolver/ - resolvers that can be called from Custom UI via the Forge Bridge. I believe these should have asUser() available.

You could also make this request directly from the front-end - Custom UI requestJira

1 Like

Hi @shraj,

Thanks for replying here.
For some reason, asApp also missing the required permissions. Any idea why?

Oh my bad, I missed the error message off of the first one :man_facepalming:

If you have a look here - https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-issue-types/#api-rest-api-3-issuetype-post
You’ll see that the API you’re after requires:

manage:jira-configuration
“Administer Jira Global Permission”

It looks like you have the first. I believe you need to give the System User backing the Forge app access to that permission, via the Admin portal :slight_smile:

Hi @shraj,

Can you please guide me on how to add this “Administer Jira Global Permission” permission?
Also, I can’t find this System User anywhere…

Also, does the ScheduledTrigger can have access to asApp or asUser?

Can I use the requestJira from @forge/bridge directly in the Forge app or only inside the Custom UI app?

Hi @shraj,

Let me explain the scenario: I have a set of calls that I need to perform when the user installs the app. Since there’s no dedicated module for that, I want to create a scheduled web trigger that will do that.

The idea is to perform this set of operations and save a flag in the app’s storage. Then, whenever this scheduled web triggered is called, it will first check the flag. If it’s true, it will not perform these operations.

Now, I have several issues with that:

  1. The scheduled trigger is not called when the app is installed. It will start on it’s next interval and not when the user install the app.

  2. I can’t use asApp/asUser inside the scheduled trigger. I also tried to use requestJira from @forge/bridge, but it doesn’t work as well.

Any idea how to do this process?

Hi
Apologies for the late response, I wasn’t notified of the replies here.

  1. The scheduled trigger is not called when the app is installed. It will start on it’s next interval and not when the user install the app.

I believe this is expected behaviour. I don’t believe we support directly performing an operation on the app being installed - the scheduled trigger is fired on the specified interval period.

  1. I can’t use asApp / asUser inside the scheduled trigger. I also tried to use requestJira from @forge/bridge , but it doesn’t work as well.

asUser is not available in scheduled triggers. @forge/bridge is only available to Custom UI apps (i.e. running on the front-end). asApp() would be your best bet here, and my previous comment around permissions still applies

Ah there seems to be another limitation around asApp() usage for accessing restricting data too. [FRGE-212] App permissions on Jira projects and Confluence spaces for asApp authentication are not configured after Forge app installation - Ecosystem Jira contains workarounds :slight_smile:

Hi @shraj,

I already tried the suggested workarounds, but none of them works for me.
Any idea when this issue will be resolved?