For one of our customers, our confluence cloud app stopped working completely after he made changes to their global and space permissions.
Our app uses Atlassian Connect. We make a REST request to
/rest/atlassian-connect/1/addons/(key) to check the licensing status. The server responds with 403 - “
Current user not permitted to use Confluence “. Our app acts on behalf of the current user, no extra “app user” is used.
The current user reached this point from clicking a button on the Confluence page overflow menu, so he surely is permitted to use Confluence. At this point, we also already validated the JWT, so there should be no problem with the input data. So, the user we are acting on behalf obvsly has Confluence access.
The customer already tried to uninstall / reinstall the app to make sure that the security context is fine, but this did not help.
The problem is somewhat similar to the thread here, but it looks like they used an extra app user that lost its permissions. We are acting on behalf of the current user, so this does not apply to us.
Any ideas on how to fix this?