As of March 8th, 2022 you cannot use function calls to webtrigger.gerUrl() in Forge together with the new scopes for Jira: such request fails with an Forge-internal error and you would have to roll back using the deprecated scopes: see [FRGE-643] - Ecosystem Jira. Therefore, it would be very helpful to get a notification when this critical bug is fixed before doing actions in migrating a Forge app, running into this problem.
This is the same error for Forge as for OAuth2, like reported by @MohamedAly, 4h ago.
For a Forge app, you should be able to update the scopes in your manifest to Granular Scopes by removing the deprecated scopes in the manifest and running forge lint --fix. Feel free to reach out to us if this isnāt the case/doesnāt work.
Hi @ScottLeggett thanks for your feedback and your support to the work we are undertaking to provide more app security to our mutual customers.
At the moment there are no concrete plans on granular REST APIs but it is something that we are looking into so interesting to have this input. What is your view on more granular APIs as a potential next step for Granular Scopes?
Hi @RandySwift, I now understand your particular use case - even when you use the new scopes to update your app the partner side of the app is using the old scopes in the authorization flow. The app requires to be updated for the flow to work again.
If this is correct we would suggest the following workaround: end users to change the URL in the authorization flow directly in the browser address bar. Would that be feasible for you? We will provide an update if anything changes on our end
For my specific use-case Iād like to have an API to determine if an issue is āvalidā (e.g. it exists, and is visible to the user). The most obvious API to use, Get Issue, requires 9 scopes. Ideally there would be some API to get very limited Issue data that only requires read:issue:jira.
Weāre seeing some strange behaviour with comment_created webhook events, is it possible the documentation doesnāt list all the required granular scopes for receiving such events?
I am trying to update two calls to the following Confluence Cloud REST API endpoints:
GET/wiki/rest/api/space
POST/wiki/rest/api/content
I managed to update my appās scopes and add the required new ones (read:content-details:confluence and write:content:confluence), according to the API docs.
Both show a huge list of possible operations on the re-auth page, but I only need to get the list of spaces and create pages.
For example, the classic read:confluence-space.summary scope seems way more granular for me than read:content-details:confluence. Also, there is a write:page:confluence scope that could be matched with the "type": "page" property of the request body, only granting access for creating pages instead of all types of content.
Is there any chance that these scopes can be changed before the deprecation window ends?
@MarcoAraujoNeves in the light of the comments received on the granular scopes rolled out we have stopped the deprecation. We will share more details shortly
@JuliaDaehne Is there any chance to let use Jira Software REST APIs from OAuth2 apps? Currently jira-software scopes are present only in the new granular setup, so it would be convenient to get a way to use it via some ānew legacyā scope.
We found that the wrong cloudId was being used. Once the user has authorised the app, you need to use the https://api.atlassian.com/oauth/token/accessible-resources to get all the sites that the user has authorised your app for. Search the list for the same URL and then use the cloudId (id in the list).
Itās been a month or so - can we get an understanding of whatās going on and what the next steps are? If this is truly on hold - can we get the documentation updated since it is causing confusion?
Hi @danielwester we are currently working on the doc updates. Apologies for taking so long. This should hopefully be done by latest next week. In the meantime we have started to review the granular scopes and way forward
Hi, I posted about an issue I had while migrating to the new scopes about a month ago here, but wanted to post on this thread as well since I havenāt gotten any feedback there.
As I understand it, the legacy scopes will no longer be deprecated, but my team and I would still like to use more granular scopes if possible.
---- begin original message ----
Iām in the process of updating my app to use the new granular scopes for JIRA OAuth. Iāve added the scopes in my code and in the developer console, but when I attempt to GET from /rest/api/3/project, I receive the below error message:
āAccess to the resource was denied due to missing scope grants. Your app was granted the following scopes: [read:field:jira, offline_access, read:issue:jira, read:label:jira, read:project:jira , read:project.component:jira].
The resource can be accessed by having one of these groups of:
As you can see in bold, the message is simultaneously telling me that I have the needed scope and that I canāt access the resource because I donāt have the needed scope.
I know that the endpoint Iām using is deprecated, but Iāve also tried with the newer /rest/api/3/project/search endpoint and get the same result. Iāve also hit the same endpoint in my browser and received a 200 response.
Has anyone else run into this? Am I missing something?
