Forge user impersonation - what am I missing?

danielwester · October 16, 2025, 6:43pm

I’m trying to use the forge impersonation feature and have been able to exchange the user’s accountId and my app’s system accessToken for a userAppToken.

In the Forge manifest I have:
read:issue-meta:jira: allowImpersonation: true read:issue-security-level:jira: allowImpersonation: true read:issue.vote:jira: allowImpersonation: true read:issue.changelog:jira: allowImpersonation: true read:avatar:jira: allowImpersonation: true read:issue:jira: allowImpersonation: true read:status:jira: allowImpersonation: true read:field-configuration:jira: allowImpersonation: true read:jira-work: allowImpersonation: true

However when I do a POST to /rest/api/3/issue/bulk at the apiBaseUrl - keep getting a 401 (that’s with a Bearer token).

What am I getting wrong?

/Daniel

danielwester · October 16, 2025, 7:00pm

Ok found it.

I was calling /rest/api/3/issue/bulk instead of /rest/api/3/issue/bulkfetch

Why that is returning a 401 instead of 404…

clouless · October 16, 2025, 7:11pm

Hi,

Might be slightly off topic, but will this work together with a Jira Premium and Okta User impersonation? I have this as a user request where the admin of my app wants to test the app as another user but the impersonation does not work.

Cheers

Bernhard

HeyJoe · October 17, 2025, 1:04am

No, that won’t work. The user impersonation features we’ve shipped so far for Forge only work in the context of allowing you to request an API token that’s scoped to a different user identity. In the browser, Forge apps are not able to understand impersonated user sessions.

This is tracked as https://jira.atlassian.com/browse/ECO-244