Cannot load space icon on custom UI

I’m encountering an issue where I cannot load the space icon on my Custom UI in an Atlassian app. The request to Confluence for fetching the icon is consistently returning a 401 Unauthorized error with the message: "Unauthorized; scope does not match".

The manifest.yml:

permissions:
  scopes:
    - write:jira-work
    - storage:app
    - read:jira-work
    - read:jira-user
    - read:project:jira
    - read:page:confluence
    - read:confluence-space.summary
    - read:confluence-props
    - read:confluence-content.all
    - read:confluence-content.summary
    - read:space:confluence
    - read:attachment:confluence
    - readonly:content.attachment:confluence

The code I am attempting (on the resolver side where I am able to make other requests):

const request = await api
  .asApp()
  .requestConfluence(
    route`/wiki/download/attachments/2359298/Cloned?version=2&modificationDate=1723896711039&cacheVersion=1&api=v2`,
  );

Issue:
The error suggests a scope mismatch, but I’m unsure which scope is missing or incorrectly configured. I’m trying to display a project icon in the Custom UI using an avatar, and I believe the read:space:confluence and read:attachment:confluence scopes should cover the request.

Steps to Reproduce:

  1. Use the provided manifest and permissions.
  2. Attempt to fetch the icon via the code snippet in a Custom UI environment.
  3. Observe the 401 Unauthorized error.

Expected Behavior:
The space icon should load successfully and be displayed on the Custom UI using the provided Avatar component.

Actual Behavior:
The request fails with a 401 Unauthorized error, preventing the icon from loading.

Could you please help identify what is wrong with the current setup or suggest the necessary scopes to allow the icon to load successfully?

[edit]
If I try:

const da = await api
    .asApp()
    .requestConfluence(
      route`/wiki/rest/api/content/2359298/child/attachment/att2359384/download`,
    );

I get the error: PROXY_ERR: Forge platform failed to process runtime HTTP request - 403 - BLOCKED_EGRESS

Thank you!

I was able to make it work on the CustomUI by calling:
import { requestConfluence } from '@forge/bridge'; on the react component:

const response = await requestConfluence(value.path)
if (response.ok) {
    const contentType = response.headers.get('content-type');
    const arrayBuffer = await response.arrayBuffer();
    const base64String = btoa(String.fromCharCode(...new Uint8Array(arrayBuffer)));
}

However, I need to download this on the backend side… can you help me?