403 forbidden in calling Issue-Get Transition API while no problem to call other Jira APIs

Context: I have an Oauth2 Jira APP. Recently, I updated all scopes for the app as required.

Now, some users (not all) of this Jira APP after they re-authorized the Jira App for their Jira sites, they can call the accessible Resource API and Get Issue Data API (GET /rest/api/3/issue/{issueIdOrKey}) and others.

But they failed to call Get Issue Transition(GET /rest/api/3/issue/{issueIdOrKey}/transitions) API with 403 error.

&{403 Forbidden 403 HTTP/2.0 2 0 map[Content-Type:[application/json;charset=UTF-8] Date:[Wed, 09 Mar 2022 21:29:03 GMT] Expect-Ct:[report-uri=“https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy”, enforce, max-age=86400] Server:[envoy] Strict-Transport-Security:[max-age=315360000; includeSubDomains; preload] Timing-Allow-Origin:[*] X-Arequestid:[5230de8c-0298-4485-a6b9-9b370c2145b2] X-Content-Type-Options:[nosniff] X-Envoy-Upstream-Service-Time:[17] X-Frame-Options:[SameOrigin] X-Request-Id:[4d692e51d10c0eff] X-Trace-Id:[4d692e51d10c0eff] X-Xss-Protection:[1; mode=block]] 0xc0023d4f30 -1 false true map 0xc00227aa00 0xc001fbbb80}

The scopes associated with them at the authorized Jira site:
[read:epic:jira-software delete:webhook:jira read:attachment:jira read:avatar:jira read:comment:jira read:field:jira read:issue-meta:jira read:issue-security-level:jira read:issue-status:jira read:issue-type:jira read:issue:jira read:issue.changelog:jira read:issue.transition:jira read:issue.vote:jira read:jql:jira read:permission:jira read:priority:jira read:project:jira read:status:jira read:user:jira read:user.property:jira read:webhook:jira read:field-configuration:jira write:issue:jira write:issue.property:jira write:webhook:jira]

Actually the users have the required scopes ( read:issue.transition:jira , read:status:jira , read:field-configuration:jira) for the Get Issue Transition(GET /rest/api/3/issue/{issueIdOrKey}/transitions)API.

I wonder if some one has any clue or hint. Thanks a lot!

@TeamCoze the issue around read:issue.transition:jira should be fixed now, please try calling again the /transitions endpoints

1 Like

I am getting a similar issue when using the Transition issue
POST /rest/api/3/issue/{issueIdOrKey}/transitions) endpoint

This is for my Connect on Forge App
atlassian-connect.json permission is - "scopes": [ "read", "act_as_user", "write" ]

The Forge manifest has the below permissions

scopes: [ "read:connect-jira" , "write:issue:jira"]

403 Error

my use case is OAuth APP. I assume the permission model and required scopes between OAuth and Forge APP are the same.

1 Like

I’ve sent you a reply on the new post @ajay here:

Hello @TeamCoze
Not sure if this might bring any value. In my case we realized our firewall was blocking the Jira URL resolution at Application level.

After the URL was whitelisted the 403 error was taken care of. Permissions were in place for us and that was the tricky piece to look at network level.