404 For Issue Request Using OAuth 2

Fetching issues using the REST API is returning 404 since today. The search request is working as expected but not the request to fetch a single issue. Works with PAT but not using OAuth 2.
Example Call: https://api.atlassian.com/ex/jira/<instance-id>/rest/api/3/issue/<issue-key>

Hello @SebastianKolb

Using OAuth 2.0 with the Get issue endpoint is working just fine for me.

A 404 error is not something to do with authentication, it’s a resource not found error. As per the documentation:

404 Not Found. Returned if the issue is not found or the user does not have permission to view it.

I know that it has nothing to do with authentication, but the problem is that how the endpoint is accessed. With an OAuth access token it is not working and with PAT it is working. Maybe it is related to this: https://developer.atlassian.com/cloud/jira/platform/changelog/#CHANGE-1462 But I am not sure what this request is violating.

i’m seeing the same issue from our end. if i do the same requests with the same user but basicauth, it’s still working.

EDIT: before somebody jumps in to say: “works for me, gtfo”, i’m already at collecting/reproducting to get more information to post here. will post as soon as i have everything together.

for me the following happens.

access with basic-auth works:

curl --verbose -u jiratest@usersnap.com:<$API_TOKEN> https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/issue/AP-1

< HTTP/2 200 
< date: Wed, 28 Feb 2024 12:54:50 GMT
< content-type: application/json;charset=UTF-8
< server: AtlassianEdge
< timing-allow-origin: *
< x-arequestid: f1c1b87db691d4e3729916198dc7c599
< set-cookie: atlassian.xsrf.token=acfd7ec38182be16caf711c8a7f5f6b39c4624cc_lin; Path=/; SameSite=None; Secure
< x-aaccountid: 557058%3Ab5c2d168-22a2-4fbc-ad59-617cc01675f1
< cache-control: no-cache, no-store, no-transform
< vary: Accept-Encoding
< x-trace-id: a18b93b9e8ea419098b5417d8fde53d6
< x-frame-options: SameOrigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< atl-traceid: a18b93b9e8ea419098b5417d8fde53d6
< report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
< nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
< strict-transport-security: max-age=63072000; preload
< 
{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10740.requestTypePractice","id":"17900","self":"https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/issue/17900","key":"AP-1","fields":{"statuscategorychangedate":"2017-03-07T16:22:22.719+0100","issuetype":{"self":"https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/issuetype/1","id":"1","description":"A problem which impairs or prevents the  ...

coming from oauth, it doesn’t work:

curl --verbose --request GET --url https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/issue/AP-1 --header 'Authorization: Bearer $BEARER_TOKEN' --header 'Accept: application/json'

< HTTP/2 404 
< date: Wed, 28 Feb 2024 12:56:34 GMT
< content-type: application/json;charset=UTF-8
< server: AtlassianEdge
< timing-allow-origin: *
< x-arequestid: f1688518240df6eaa453e70f01f200fd
< set-cookie: atlassian.xsrf.token=1f491c81c0f58aefbaa86d14e43d45f4a0d1af0b_lin; Path=/; SameSite=None; Secure
< x-aaccountid: 557058%3Ab5c2d168-22a2-4fbc-ad59-617cc01675f1
< cache-control: no-cache, no-store, no-transform
< x-trace-id: 31a16da45c7d49be87bc1cb64ab2946c
< x-frame-options: SameOrigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< atl-traceid: 31a16da45c7d49be87bc1cb64ab2946c
< report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
< nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
< strict-transport-security: max-age=63072000; preload
< 
* Connection #0 to host api.atlassian.com left intact
{"errorMessages":["Issue does not exist or you do not have permission to see it."],"errors":{}}

note that it’s always the same url that i’m requesting: https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/issue/AP-1

also, the bearer token is not broken. it works – here’s a request (that i actually made after the i got the 404).

curl --verbose --request GET --url https://api.atlassian.com/oauth/token/accessible-resources --header 'Authorization: Bearer $BEARER_TOKEN' --header 'Accept: application/json'

< HTTP/2 200 
< date: Wed, 28 Feb 2024 12:58:02 GMT
< content-type: application/json; charset=utf-8
< content-length: 798
< x-frame-options: SAMEORIGIN
< x-content-typeoptions: nosniff
< etag: W/"31e-Kn1d39XHgC/699WasDTy9CuE4oc"
< server: AtlassianEdge
< x-trace-id: b812524470dd4e70a2c3f18b86526df2
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< atl-traceid: b812524470dd4e70a2c3f18b86526df2
< report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
< nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
< strict-transport-security: max-age=63072000; preload
< 
* Connection #0 to host api.atlassian.com left intact
[{"id":"3296ed78-bb1c-4b3c-b112-2342707b2538","url":"https://usersnap-jiratest.atlassian.net","name":"usersnap-jiratest","scopes":["read:jira-user","read:jira-work","write:jira-work"],"avatarUrl":"https://site-admin-avatar-cdn.prod.public.atl-paas.net/avatars/240/rings.png"},{"id":"df5b93f5-ac92-4c0e-8f95-ab5aaeca0722","url":"https://usersnap.atlassian.net","name":"usersnap","scopes":["read:jira-user","read:jira-work","write:jira-work"],"avatarUrl":"https://site-admin-avatar-cdn.prod.public.atl-paas.net/avatars/240/koala.png"},{"id":"ea712a28-1636-4f3c-b8d3-d7a15f487591","url":"https://usersnaptest.atlassian.net","name":"usersnaptest","scopes":["read:jira-user","read:jira-work","write:jira-work"],"avatarUrl":"https://site-admin-avatar-cdn.prod.public.atl-paas.net/avatars/240/koala.png"}]%

note that the user is also the same: usersnap-jiratest.

that is not even our actual problem, our problem is that the createmeta endpoints also deliver a 404, thus breaking our Jira Integration (because we’re fetching the createmeta before creating issues).

what can we do about this?

EDIT: FWIW, we started really seeing this yesterday. some logs indicate that this might have started feb 22, but not entirely clear if it’s the same thing.

Maybe related to the JIRA incident: Jira Software Status - Issue with Automation and Connect Apps

one more example, the Create Issue endpoint is also acting strange when used with OAuth. See the following. with basic auth, it just works – again:

curl --verbose -u jiratest@usersnap.com:$TOKEN -X POST --data '{ "fields": { "project": { "key": "AT" }, "summary": "test-summary", "description": "test-description", "issuetype": { "name": "Bug" }, "components": [{ "name": "First Component" }]  }  }' -H "Content-Type: application/json" https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/issue

< HTTP/2 201 
< date: Wed, 28 Feb 2024 14:33:52 GMT
< content-type: application/json;charset=UTF-8
< server: AtlassianEdge
< timing-allow-origin: *
< x-arequestid: cb81bbdf63976dd4317750488899d8ca
< set-cookie: atlassian.xsrf.token=bd7ad49de59f02331d8092ba65b0e3f7a69af1a1_lin; Path=/; SameSite=None; Secure
< x-aaccountid: 557058%3Ab5c2d168-22a2-4fbc-ad59-617cc01675f1
< cache-control: no-cache, no-store, no-transform
< vary: Accept-Encoding
< x-trace-id: ba1d903ed60945868a17585226c46d1a
< x-frame-options: SameOrigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< atl-traceid: ba1d903ed60945868a17585226c46d1a
< report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
< nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
< strict-transport-security: max-age=63072000; preload
< 
* Connection #0 to host api.atlassian.com left intact
{"id":"20441","key":"AT-511","self":"https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/issue/20441"}

when using my oauth bearer token, it’s acting strangely, given the same payload:

curl --verbose -X POST --data '{ "fields": { "project": { "key": "AT" }, "summary": "test-summary", "description": "test-description", "issuetype": { "name": "Bug" }, "components": [{ "name": "First Component" }]  }  }' -H "Content-Type: application/json" -H "Authorization: Bearer $BEARER_TOKEN" -H "Accept: application/json" https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/issue

< HTTP/2 400 
< date: Wed, 28 Feb 2024 14:29:09 GMT
< content-type: application/json;charset=UTF-8
< server: AtlassianEdge
< timing-allow-origin: *
< x-arequestid: 983db3a3e5c5cc6876c1ce8ae897b49d
< set-cookie: atlassian.xsrf.token=50dd1693356f67fe30612cb3daaea2278fa8eef0_lin; Path=/; SameSite=None; Secure
< x-aaccountid: 557058%3Ab5c2d168-22a2-4fbc-ad59-617cc01675f1
< cache-control: no-cache, no-store, no-transform
< x-trace-id: c8803b09238b43e99fc0049d7a6f0037
< x-frame-options: SameOrigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< atl-traceid: c8803b09238b43e99fc0049d7a6f0037
< report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
< nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
< strict-transport-security: max-age=63072000; preload
< 
* Connection #0 to host api.atlassian.com left intact
{"errorMessages":[],"errors":{"summary":"Field 'summary' cannot be set. It is not on the appropriate screen, or unknown.","description":"Field 'description' cannot be set. It is not on the appropriate screen, or unknown.","components":"Field 'components' cannot be set. It is not on the appropriate screen, or unknown."}}%

okay. so i remove all those fields it complains about (description, summary and components).

url --verbose -X POST --data '{ "fields": { "project": { "key": "AT" }, "issuetype": { "name": "Bug" } }  }' -H "Content-Type: application/json" -H "Authorization: Bearer $BEARER_TOKEN" -H "Accept: application/json" https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/issue

< HTTP/2 400 
< date: Wed, 28 Feb 2024 14:30:28 GMT
< content-type: application/json;charset=UTF-8
< server: AtlassianEdge
< timing-allow-origin: *
< x-arequestid: 4d48c7575eb5641e3d7f9c27007a59a6
< set-cookie: atlassian.xsrf.token=32ce450152fde297fed04fb821fc54de53705cf1_lin; Path=/; SameSite=None; Secure
< x-aaccountid: 557058%3Ab5c2d168-22a2-4fbc-ad59-617cc01675f1
< cache-control: no-cache, no-store, no-transform
< x-trace-id: 9d7a66fe62d3475cbb6b096798bb9ece
< x-frame-options: SameOrigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< atl-traceid: 9d7a66fe62d3475cbb6b096798bb9ece
< report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
< nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
< strict-transport-security: max-age=63072000; preload
< 
* Connection #0 to host api.atlassian.com left intact
{"errorMessages":[],"errors":{"summary":"You must specify a summary of the issue.","components":"Components is required."}}

→ i guess i need to add a summary components – you know, the thing i had specified 1 request ago, before you told me i have to remove it.

and yes, the bearer token is valid (see timestamp):

curl --verbose --request GET --url https://api.atlassian.com/oauth/token/accessible-resources --header 'Accept: application/json' -H "Authorization: Bearer $BEARER_TOKEN" -H "Accept: application/json"

< HTTP/2 200
< date: Wed, 28 Feb 2024 14:32:10 GMT
< content-type: application/json; charset=utf-8
< content-length: 798
< x-frame-options: SAMEORIGIN
< x-content-typeoptions: nosniff
< etag: W/"31e-Kn1d39XHgC/699WasDTy9CuE4oc"
< server: AtlassianEdge
< x-trace-id: 9cfd2344f4c845b5af4c1bc49b9c18b5
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< atl-traceid: 9cfd2344f4c845b5af4c1bc49b9c18b5
< report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
< nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
< strict-transport-security: max-age=63072000; preload
<
* Connection #0 to host api.atlassian.com left intact
[{"id":"3296ed78-bb1c-4b3c-b112-2342707b2538","url":"https://usersnap-jiratest.atlassian.net","name":"usersnap-jiratest","scopes":["read:jira-user","read:jira-work","write:jira-work"],"avatarUrl":"https://site-admin-avatar-cdn.prod.public.atl-paas.net/avatars/240/rings.png"},{"id":"df5b93f5-ac92-4c0e-8f95-ab5aaeca0722","url":"https://usersnap.atlassian.net","name":"usersnap","scopes":["read:jira-user","read:jira-work","write:jira-work"],"avatarUrl":"https://site-admin-avatar-cdn.prod.public.atl-paas.net/avatars/240/koala.png"},{"id":"ea712a28-1636-4f3c-b8d3-d7a15f487591","url":"https://usersnaptest.atlassian.net","name":"usersnaptest","scopes":["read:jira-user","read:jira-work","write:jira-work"],"avatarUrl":"https://site-admin-avatar-cdn.prod.public.atl-paas.net/avatars/240/koala.png"}]

The support said they are investigating this issue. Please check their status page regarding the current incident they have.

2 Likes

@SebastianKolb regarding Partial removal of lenient URL path processing for OAuth 2.0 requests, affected requests produce a 401 responses with a X-Failure-Category: FAILURE_CLIENT_SCOPE_CHECK header.

1 Like

@MartinSereinig your 404 response seems to match what you would see if the app was blocked under App Access Rule, see App access rule under data security policies: early access for Jira customers and partners live this week.

2 Likes

hey @epehrson thanks for your answer.

i read through the links, and i think this is not what we’re seeing here. we’re not an app, we just make requests on behalf of the logged in user – also we don’t have that enabled on our development space:

i’ve also checked the the endpoints that are mentioned in the linked article, to react correctly if the app is being blocked, and those endpoints told me “that i’m not an app”.

/api/3/data-policy:

curl --verbose -H "Authorization: Bearer $BEARER_TOKEN" https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/3/data-policy

< HTTP/2 403
< date: Wed, 28 Feb 2024 20:01:00 GMT
< content-type: application/json;charset=UTF-8
< server: AtlassianEdge
< timing-allow-origin: *
< x-arequestid: 1ed4e083d5686e36b73bfae05d864a77
< set-cookie: atlassian.xsrf.token=dc77acf678924284755a031081bc4fdc4bb81a11_lin; Path=/; SameSite=None; Secure
< x-aaccountid: 557058%3Ab5c2d168-22a2-4fbc-ad59-617cc01675f1
< cache-control: no-store, no-cache
< www-authenticate: OAuth realm="https%3A%2F%2Fusersnaptest.atlassian.net"
< www-authenticate: OAuth realm="https%3A%2F%2Fusersnaptest.atlassian.net"
< x-trace-id: 55ecf7a31ec14a558bd9de5f8edf88cc
< x-frame-options: SameOrigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< atl-traceid: 55ecf7a31ec14a558bd9de5f8edf88cc
< report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
< nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
< strict-transport-security: max-age=63072000; preload
< vary: Accept-Encoding
<
{"errorMessages":["Only apps can access this resource."],"errors":{}}

same for the /api/3/data-policy/project:

curl --verbose -H "Authorization: Bearer $BEARER_TOKEN" https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/3/data-policy/project

< HTTP/2 403
< date: Wed, 28 Feb 2024 20:01:16 GMT
< content-type: application/json;charset=UTF-8
< server: AtlassianEdge
< timing-allow-origin: *
< x-arequestid: 0fc70eaf3b63c395bcc58bf7c032f555
< set-cookie: atlassian.xsrf.token=c657cef2ae25c2a782d97fb7e49451222f4666e8_lin; Path=/; SameSite=None; Secure
< x-aaccountid: 557058%3Ab5c2d168-22a2-4fbc-ad59-617cc01675f1
< cache-control: no-store, no-cache
< www-authenticate: OAuth realm="https%3A%2F%2Fusersnaptest.atlassian.net"
< www-authenticate: OAuth realm="https%3A%2F%2Fusersnaptest.atlassian.net"
< x-trace-id: cbf3d38ebbe04c9aa7a8ba197e0a52eb
< x-frame-options: SameOrigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< atl-traceid: cbf3d38ebbe04c9aa7a8ba197e0a52eb
< report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
< nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
< strict-transport-security: max-age=63072000; preload
< vary: Accept-Encoding
<
{"errorMessages":["Only apps can access this resource."],"errors":{}}%

i’ve also noticed the same thing as was raised in this issue: Create Issue Meta Endpoint not returning fields - #3 by KunalChadha - we don’t get the entire set of fields returned on the createmeta. i could imagine that this is also connected to the strange behaviour we see with the issue create (summary must be present, but also can’t be present, see above).

with basic auth (new style):

curl --verbose -u jiratest@usersnap.com:$PERSONAL_TOKEN https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/issue/createmeta/10735/issuetypes/10436

< HTTP/2 200
< date: Wed, 28 Feb 2024 20:17:57 GMT
< content-type: application/json;charset=UTF-8
< server: AtlassianEdge
< timing-allow-origin: *
< x-arequestid: b19c3b4e5fb2debbfe186d46653df2c9
< set-cookie: atlassian.xsrf.token=2cf0ff958e6ac2443ddeaf14606f28b10567506c_lin; Path=/; SameSite=None; Secure
< x-aaccountid: 557058%3Ab5c2d168-22a2-4fbc-ad59-617cc01675f1
< cache-control: no-cache, no-store, no-transform
< vary: Accept-Encoding
< x-trace-id: 1900c8f4717845ffa8f147054b28e2da
< x-frame-options: SameOrigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< atl-traceid: 1900c8f4717845ffa8f147054b28e2da
< report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
< nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
< strict-transport-security: max-age=63072000; preload
<
{"startAt":0,"maxResults":50,"total":15,"fields":[{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/user/assignable/search?project=TKAG&query=","hasDefaultValue":false,"operations":["set"],"fieldId":"assignee"}, ...

with basic auth, in the old style, it also works:

curl --verbose -u jiratest@usersnap.com:$PERSONAL_TOKEN 'https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/issue/createmeta?projectIds=10735&expand=projects.issuetypes.fields&issuetypeIds=10436'

< HTTP/2 200
< date: Wed, 28 Feb 2024 20:18:13 GMT
< content-type: application/json;charset=UTF-8
< server: AtlassianEdge
< timing-allow-origin: *
< x-arequestid: ce0d03bcd9c0af866cbeb6f6f2b800f2
< set-cookie: atlassian.xsrf.token=9b182e0b9f3640cd2a298ec91c20d96b759377a6_lin; Path=/; SameSite=None; Secure
< x-aaccountid: 557058%3Ab5c2d168-22a2-4fbc-ad59-617cc01675f1
< cache-control: no-cache, no-store, no-transform
< vary: Accept-Encoding
< x-trace-id: 1f4e8531004e4ccd99f96efdd9f3924e
< x-frame-options: SameOrigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< atl-traceid: 1f4e8531004e4ccd99f96efdd9f3924e
< report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
< nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
< strict-transport-security: max-age=63072000; preload
<
{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/project/10735","id":"10735","key":"TKAG","name":"tkag test","avatarUrls":{"48x48":"https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/universal_avatar/view/type/project/avatar/10649","24x24":"https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/universal_avatar/view/type/project/avatar/10649?size=small","16x16":"https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/universal_avatar/view/type/project/avatar/10649?size=xsmall","32x32":"https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/universal_avatar/view/type/project/avatar/10649?size=medium"},"issuetypes":[{"self":"https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/issuetype/10436","id":"10436","description":"Tasks track small, distinct pieces of work.","iconUrl":"https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318? ....

while the return from old vs. new createmeta is a bit different (not-wrapped in projects, pagination), the returned fields are the same, summary, description, etc. - customfields are also included (i have a complete copy the response, i just don’t to make this post to long and unreadable, but can send it, if it helps).

but if run the createmeta not with basic-auth, but with my oauth token, i either don’t get anything in return:

createmeta - new style, with oauth token:

curl --verbose -H "Authorization: Bearer $BEARER_TOKEN" https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/issue/createmeta/10735/issuetypes/10436

< HTTP/2 404
< date: Wed, 28 Feb 2024 19:56:41 GMT
< content-type: application/json;charset=UTF-8
< server: AtlassianEdge
< timing-allow-origin: *
< x-arequestid: 40ab3de44024e2f7883e2ef7d4e6068c
< set-cookie: atlassian.xsrf.token=a718e26619c5fb86b52ed720f677de4c927b1b47_lin; Path=/; SameSite=None; Secure
< x-aaccountid: 557058%3Ab5c2d168-22a2-4fbc-ad59-617cc01675f1
< cache-control: no-cache, no-store, no-transform
< x-trace-id: f7333e617f9b4989a878348c9e920c13
< x-frame-options: SameOrigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< atl-traceid: f7333e617f9b4989a878348c9e920c13
< report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
< nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
< strict-transport-security: max-age=63072000; preload
<
* Connection #0 to host api.atlassian.com left intact
{"errorMessages":["You cannot create issues in this project."],"errors":{}}

or, i don’t get all of the fields: createmeta - new style, with oauth token:

curl --verbose -H "Authorization: Bearer $BEARER_TOKEN" 'https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/issue/createmeta?projectIds=10735&expand=projects.issuetypes.fields&issuetypeIds=10436'

< HTTP/2 200
< date: Wed, 28 Feb 2024 19:56:51 GMT
< content-type: application/json;charset=UTF-8
< server: AtlassianEdge
< timing-allow-origin: *
< x-arequestid: 66d405f7ba83d75c6f517737f27fa7a8
< set-cookie: atlassian.xsrf.token=3cda1d34d29bd47a98af3b93d2261826f3ba7db7_lin; Path=/; SameSite=None; Secure
< x-aaccountid: 557058%3Ab5c2d168-22a2-4fbc-ad59-617cc01675f1
< cache-control: no-cache, no-store, no-transform
< vary: Accept-Encoding
< x-trace-id: 15e2789a23fd4ccbab1dbafc519561bd
< x-frame-options: SameOrigin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< atl-traceid: 15e2789a23fd4ccbab1dbafc519561bd
< report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
< nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
< strict-transport-security: max-age=63072000; preload

{
    "expand": "projects",
    "projects":
    [
        {
            "expand": "issuetypes",
            "self": "https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/project/10735",
            "id": "10735",
            "key": "TKAG",
            "name": "tkag test",
            "avatarUrls":
            {
                "48x48": "https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/universal_avatar/view/type/project/avatar/10649",
                "24x24": "https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/universal_avatar/view/type/project/avatar/10649?size=small",
                "16x16": "https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/universal_avatar/view/type/project/avatar/10649?size=xsmall",
                "32x32": "https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/universal_avatar/view/type/project/avatar/10649?size=medium"
            },
            "issuetypes":
            [
                {
                    "self": "https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/issuetype/10436",
                    "id": "10436",
                    "description": "Tasks track small, distinct pieces of work.",
                    "iconUrl": "https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium",
                    "name": "Task",
                    "untranslatedName": "Task",
                    "subtask": false,
                    "scope":
                    {
                        "type": "PROJECT",
                        "project":
                        {
                            "id": "10735"
                        }
                    },
                    "expand": "fields",
                    "fields":
                    {
                        "issuetype":
                        {
                            "required": true,
                            "schema":
                            {
                                "type": "issuetype",
                                "system": "issuetype"
                            },
                            "name": "Issue Type",
                            "key": "issuetype",
                            "hasDefaultValue": false,
                            "operations":
                            [],
                            "allowedValues":
                            [
                                {
                                    "self": "https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/issuetype/10436",
                                    "id": "10436",
                                    "description": "Tasks track small, distinct pieces of work.",
                                    "iconUrl": "https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium",
                                    "name": "Task",
                                    "subtask": false,
                                    "avatarId": 10318,
                                    "entityId": "fc28ab63-00d6-44fb-b805-49704dfbc8d7",
                                    "hierarchyLevel": 0
                                }
                            ]
                        },
                        "parent":
                        {
                            "required": false,
                            "schema":
                            {
                                "type": "issuelink",
                                "system": "parent"
                            },
                            "name": "Parent",
                            "key": "parent",
                            "hasDefaultValue": false,
                            "operations":
                            [
                                "set"
                            ]
                        },
                        "project":
                        {
                            "required": true,
                            "schema":
                            {
                                "type": "project",
                                "system": "project"
                            },
                            "name": "Project",
                            "key": "project",
                            "hasDefaultValue": false,
                            "operations":
                            [
                                "set"
                            ],
                            "allowedValues":
                            [
                                {
                                    "self": "https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/project/10735",
                                    "id": "10735",
                                    "key": "TKAG",
                                    "name": "tkag test",
                                    "projectTypeKey": "software",
                                    "simplified": true,
                                    "avatarUrls":
                                    {
                                        "48x48": "https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/universal_avatar/view/type/project/avatar/10649",
                                        "24x24": "https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/universal_avatar/view/type/project/avatar/10649?size=small",
                                        "16x16": "https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/universal_avatar/view/type/project/avatar/10649?size=xsmall",
                                        "32x32": "https://api.atlassian.com/ex/jira/ea712a28-1636-4f3c-b8d3-d7a15f487591/rest/api/2/universal_avatar/view/type/project/avatar/10649?size=medium"
                                    }
                                }
                            ]
                        }
                    }
                }
            ]
        }
    ]
}

as you can see many of the fields are missing: summary, description, component, etc.


we’re getting desperate here – our jira integration just stopped working for some customers and all debugging calls just return something different than a few days ago. our customers are obviously complaining and since they can’t forward their issues from Usersnap to Jira, they’re missing out on the value they’re used to – both from Usersnap and Jira.

every help is appreciated!

@SebastianKolb and @MartinSereinig,

I’m really worried that 2 meaningful consumers of the Jira REST APIs via OAuth 2.0 are suffering similar problems. I wouldn’t have known about this issue if you had not posted here, and with your posts, I think we are helping other potential consumers know there might be an issue. For that, I thank you both for starting here.

That said, I’d ask that each of you please log developer support tickets, if you haven’t done so already. Especially with auth problems like this, there may be a need to exchange some secrets and to dig into back-end logs, neither of which are possible here in this community forum.

Apologies to you and our mutual customers for the delay in recognizing that path of action.

Edit: Adding @KunalChadha thanks to @sunnyape’s cross reference from Create Issue Meta Endpoint not returning fields

thanks! i just filed an incident ticket with support.

@ibuchanan
Our Jira Integration in BrowserStack has stopped working too for some customers and we haven’t been able to find any solution here
I will go ahead and raise a developer support ticket
Thanks for looking into this

Hello @KunalChadha

One of the impacts of that Deprecation notice was that OAuth 2.0 requests will no longer be pre-processed to fix invalid URLs in requests, including the removal of trailing slashes.

In your thread, I can see that you have such a trailing slash in your provided example request:

curl --location 'https://api.atlassian.com/ex/jira/{{Cloud Id}}/rest/api/3/issue/createmeta/?projectIds=10225&expand=projects.issuetypes.fields&issuetypeIds=10003' \

That extra forward slash after the word ‘createmeta’ and before the question mark should not be there, so first try removing it. It might be the fix, in your specific case.

I tested the APIs without the forward slash as well and faced the same issues

1 Like

Our dev team is currently looking into this issue.

Please check (and subscribe to) below link to the developers status page for updates:

1 Like

seem like all is good again. thanks a lot, @Dario_B

2 Likes

Thanks, seems to be fixed.

3 Likes