Accessible-resources works but retrieving endpoint information does not


I have a strange issue. I have two apps set up, one for production, one for staging (OAuth 2.0 integrations). They are both set up with the same credentials and settings.

My app needs access to: View Jira issue data and View user profiles.

For the staging application, I am able to get the access token, send the credentials as a bearer token, and successfully call:

It returns the information with the instance url.

When I view the JWT, it has the correct client id for the staging application.

It also has the scopes: read:jira-work read:jira-user offline_access

When I try to use the same JWT as a bearer to get any other information, I get a 401 error (searching tickets, get users, get fields, etc.).

On production, the exact same code works as expected (against the production app).

I’m at a loss :frowning:

@alonsabi welcome to the Atlassian developer community.

Am I correct that you are using the same Jira Cloud site for both staging and production? If so, I believe this is the problem:

> They are both set up with the same credentials and settings.

Specifically, each time you authorize the app, the prior authorization is revoked. In other words, OAuth is stateful on Atlassian with the expectation that state is managed through interaction with a single client. Here, sharing the client id and secret across independent, even if identical, clients in staging and production doesn’t fit with those constraints.

The easy thing to do is to create a new Jira Cloud site for staging. However, I would also recommend creating a different OAuth client for staging.
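The local check described in the question (client id and scopes in the JWT), as an added example that is not code from either poster or from Atlassian. It assumes the access token carries `client_id`, a space-delimited `scope` and `exp` claims; the client id and sample tokens are constructed placeholders.

```python
import base64
import json
import time

REQUIRED_SCOPES = {"read:jira-work", "read:jira-user"}  # scopes named in the question


def decode_claims(jwt):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def triage(jwt, expected_client_id, now=None):
    """Return local problems found in the claims; an empty list means none."""
    claims = decode_claims(jwt)
    now = time.time() if now is None else now
    problems = []
    if claims.get("client_id") != expected_client_id:  # claim name is an assumption
        problems.append("client_id mismatch")
    granted = set(str(claims.get("scope", "")).split())  # assumed space-delimited
    missing = REQUIRED_SCOPES - granted
    if missing:
        problems.append("missing scopes: " + " ".join(sorted(missing)))
    if claims.get("exp", 0) <= now:  # a token without exp is treated as expired
        problems.append("token expired")
    return problems


def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def make_sample(claims):
    """Build a constructed, unsigned sample token for the demo."""
    return f"{_b64({'alg': 'none'})}.{_b64(claims)}.sig"


CLIENT = "staging-client-placeholder"  # constructed value, not a real client id
SAMPLE_OK = make_sample({"client_id": CLIENT, "exp": 2_000_000_000,
                         "scope": "read:jira-work read:jira-user offline_access"})
SAMPLE_NARROW = make_sample({"client_id": CLIENT, "exp": 1_000,
                             "scope": "read:jira-user"})

if __name__ == "__main__":
    print(triage(SAMPLE_OK, CLIENT, now=1_700_000_000))
    print(triage(SAMPLE_NARROW, CLIENT, now=1_700_000_000))
```

An empty result only shows the claims are self-consistent; it says nothing about whether the authorization behind the token is still live on the server, which is the condition the reply points to.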