Hello,
I’m a rookie in JIRA Add on development. When I execute a REST API method (/rest/greenhopper/latest/rapidviews/list), I get a 403 error in return. After some digging it seems to be related with lack of authentication.
I’ve been looking through the SDK documentation and I found out about the 3 authentication methods: Basic, Cookie based and OAuth. What I would like to know is what is the correct way to handle the issue, being that the Add On will be running “inside” JIRA, after the user authenticates. Is there a way to inherit the current user context, instead of having the add on authenticating once again.
usually, if you serve your front-end via a servlet from inside Jira, your REST requests to your API should be authenticated via the cookie that the current user uses.
You could still 403 if your base URL is something other than the URL you use to access Jira, e.g. base URL is http://localhost:2990/jira and you access it via http://your-macbook-pro.local:2990/jira . Then the authentication cookie will be assigned to the wrong URL and your REST calls would throw 403s.
Could that be the case?