Disallowed to impersonate?

I’m at my wit’s end. Some requests to the /rest/api/2/filter/search endpoint complete successfully, but others fail with a 403 FORBIDDEN error and this message:

“Add-on ‘ourappkeyredacted’ disallowed to impersonate the user because ‘no valid active user exists’”

What does that message actually mean?

2 Likes

Hi @david.pinn ,

There are two locations is one location in our code where this message is logged. On the basis that you receive the error intermittently, I think there is a problem on our side relating to the retrieval of the user being impersonated (this error only occurs in Connect user impersonation requests).

I will reach out to the Jira Ecosystem team and ask them to prioritise this.

Regards,
Dugald

One thing to check on your side @david.pinn is that you are setting the JWT claims correctly for the user being impersonated and the OAuth Client ID.

Thanks, Dugald. I’d be very surprised if there’s a problem with the claims, but I’ll double-check.

Thanks @david.pinn . We are still looking into this.

With the help of @cmacneill, I was able to solve this problem today. It turns out that our app wasn’t filtering out users with accountType == "app", so our attempts to hit the /rest/api/2/filter/search endpoint were being rejected because they were being executed on behalf of other apps. We added some checks to our webhook code to avoid account types other than “atlassian” and “customer” and bingo! problem goes away. Many thanks to Conor.

1 Like