App stops working after customer made changes to rights management, REST API returns 403

Hi Experts!

For one of our customers, our Confluence Cloud app stopped working completely after he made changes to their global and space permissions.

The problem

Our app uses Atlassian Connect. We make a REST request to /rest/atlassian-connect/1/addons/(key) to check the licensing status. The server responds with 403 - “Current user not permitted to use Confluence”. Our app acts on behalf of the current user, no extra “app user” is used.

The parameters

The current user reached this point from clicking a button on the Confluence page overflow menu, so he surely is permitted to use Confluence. At this point, we also already validated the JWT, so there should be no problem with the input data. So, the user we are acting on behalf of obviously has Confluence access.

The customer already tried to uninstall / reinstall the app to make sure that the security context is fine, but this did not help.

Comparable Threads

The problem is somewhat similar to the thread here, but it looks like they used an extra app user that lost its permissions. We are acting on behalf of the current user, so this does not apply to us.

Any ideas on how to fix this?

Hello @SteffenMueller,

I think the problem is exactly the same as we had, but addressed to a different entity (while in our case the problem was related to add-on user permissions, I think your problem is related to the Confluence user).

Probably, your client’s changes made users stop accessing Confluence resources.
I suggest you take a look here. We put together some findings that solved our problem. Please give it a try. Also, please check with your client if he changed the default user group, and, if that is the case, if that group has Confluence Access enabled by default. Also, if he did not change the default group, check if he moved the user to a group without that option enabled as well.

Hope this helps!
Best,
Luis

Dear @lfcgomes,
thank you for the tip! I handed the guide over to the customer to check it. Although I’m not sure that we have the same situation, our app does not have an app user in the user management. But we will see :wink:

Best!
Steffen

I believe all apps have an “app user”. We had a similar issue, where one of our customers could not find our app user, and thus could not give permissions to our app to access Confluence. We needed to get Atlassian support to help. See Add-on user permissions problem