Development Tools API authentication problems

I have been trying to upgrade our company connect app to send data to the Development Tools https://developer.atlassian.com/cloud/jira/software/rest/#api-bulk-post

The documentation is a little confusing about whether this can be done from the connect app or it must be done via OAuth2.0. Following the instructions on the site I have done the following;

  1. Added the jiraDevelopmentTool section to atlassian-connect.json (see below link to repo)
  2. Attempted to send data using the node connect app SDK like I would for any other jira requests (which are working). Post data sent to /rest/bulk in request.json
  3. Received a 403 Error, I’m confused as to whether I’ve misread the documentation - which suggests this should work and a 403 implies a misconfigured atlassian-connect.json file or there is something I’m missing? The request is (sanitized) and in the /request.json file in the below linked branch.

The project is OSS so sharing code is caring :smile: https://github.com/SimeonC/jira-gitlab-seneschal/blob/dev-tools-upgrade branch is the current work I’m doing that is giving me the above issue.

If anyone can help point me in the correct direction that would be really helpful!

@SimeonCheeseman

403 is returned when:

The JWT token used does not correspond to an app that defines the jiraDevelopmentTool 
module, or the app does not define the 'WRITE' scope

You added WRITE to permission scope and JWT token to your request?

The documentation also says that

Apps cannot access this REST resource.

Yea, this is what I was getting at with the documentation is confusing - if that’s the case then why does it tell you that you can use a connect app JWT token with the correct module set as @Mcobanov quoted above. Can I or can’t I use it? :man_shrugging:

Yes, I do have WRITE permission in the scopes permission, along with read, admin and project_admin. I’m using jwt auth through atlassian-connect-express so even though it’s sanitized in my debug output it should be sending the token as that’s how it authenticates all other endpoints.

Oh, and as I didn’t mention it before my app (add-on?) is using https://bitbucket.org/atlassian/atlassian-connect-express/ to connect and authenticate.

OK, so now I read the documentation again and compare it to other endpoints like the Feature Flags I see that it is for some reason restricted to not support apps.

So, seeing as my workaround for this is going to be add fields and instructions to generate and save the client_id and client_secret into the DB so my app can function as I want it to (probably the same as the Jenkins integration). Does anyone know and can share the reasoning as to why we can’t access the endpoint from a connect app directly? It kind of feels like I’m being forced to authenticate this feature twice with Jira, once for the app to be able to display the dev tools via app install and then a second time to send the development values with OAUTH2.