Failing to get current user information with OAuth2 3LO

Hi
I made an app that uses ‘Login with Atlassian’ with OAuth as described here
I am able to get the ‘accessible-resources’:

{id=myCloudId, url=coudUrl, name=theName, scopes=[read:confluence-user], ...

But then I need the user account id, so I use the get current user endpoint for Confluence, with

GET https://api.atlassian.com/ex/confluence/myCloudId/wiki/rest/api/user/current

But there the server answers with 401 - “Unauthorized; scope does not match”, even though the doc mentions OAuth scopes required: read:confluence-user, a scope that is available according to the ‘available-resources’ endpoint.

The cloudId seems to be correct (otherwise I get a 404 Not Found), and the JWT token is also correctly given (otherwise I get a 403 Current user not permitted to use Confluence)

[edit] If I try with another endpoint, for example /wiki/rest/api/space, I get “401 Token is missing required scopes: read:confluence-space.summary” which is expected.

Looks like “401 - Unauthorized; scope does not match” is the default error when we use an invalid endpoint path. /wiki/rest/api/user/anonymous and /wiki/rest/api/user/current behave as if they were not implemented.

Am I missing something?

3 Likes

Hi @piettes,

Can you please try calling other APIs that require read:confluence-user and let me know if they succeed or fail?

Michael

I’ve been having the same problem. I am trying to use Atlassian Forge to get information about the currently logged on user in Confluence. My function body looks like this:

const response = await api.asUser()
    .requestConfluence('/wiki/rest/api/user/current')
return await response.json()

I found my way here, and tried using the wiki/rest/api/user endpoint instead.

const accountId = await getAccountId()
const response = await api.asUser()
    .requestConfluence('/wiki/rest/api/user?' + new URLSearchParams({accountId}))
return await response.json() as User

Yet both fail with this error in my Forge logs:

INFO    2021-02-02T22:54:24.369Z pa7fj844-1917-2f99-9392-52f160bda34 Current user data {"code":401,"message":"Unauthorized; scope does not match"}

My app’s manifest does have the - read:confluence-user scope. What gives, I wonder?

UPDATE: So, today it’s working after a forge install --upgrade. Pretty sure I ran that yesterday, but… :man_shrugging: