403 When trying to create an issue in a private issue tracker via cloud app JWT and cloud REST api


I am trying to test the creation of issues on a private issue tracker in one of my workspaces. I am using our development cloud app to authenticate the calls, with the scopes “issue:write”, “repository”, “account”, and “pullrequest”. According to the docs: https://developer.atlassian.com/cloud/bitbucket/rest/api-group-issue-tracker/#api-repositories-workspace-repo-slug-issues-post all I should need is the “issue:write” scope.

I then tried adding more scopes to see if there was some other scope I needed, but even after re-installing the app on my workspace and completely removing/installing it, I still can’t create the issues .

I tried exchanging the JWT I am creating for an access token in order to view the scopes, and the scopes don’t seem to have the updated scopes I added to the descriptor (though it still has issue:write, account, and pullrequest)

I see the additional scopes when I am authorizing the install of the app, so it is strange to me that the JWT doesn’t seem to get the new ones.

So I have 2 problems:

  1. The “issue:write” scope doesn’t seem to be enough to create issues on a private issue tracker, even combined with the “repository” scope.

  2. I don’t get updated scopes if I update my app and generate a new JWT. The app isn’t on the marketplace, so I am using its install url directly.