Get user email - new OAuth 2.0 scopes?

A customer challenged us about the need to install our Connect App since the endpoint now seems to support OAuth 2.0 requests. Since we did create the Connect App specifically to do that single API call, I was surprised to see the Get user email now has a new OAuth 2.0 scope read:email-address:jira in the documentation. So I tried it, and while I do see the new scope in the consent window during the OAuth handshake

using the resulting access token to do the actual API call https://api.atlassian.com/ex/jira/{cloudId}/rest/api/2/user/email?accountId={userAccountId} fails with:

{
    "code": 403,
    "message": "The app is not installed on this instance"
}

Every other API call works so I was wondering:

• Is this feature is still in development?
• Any way for us to request access to it?
• Or am I doing something wrong?

Thank in advance!

BTW, I also tried with Confluence using the scope read:email-address:confluence as documented and same results. I also found it documented in both Jira/Confluence “Granular scopes” lists.

image728×91 2.69 KB

image712×76 2.64 KB

Hey @dshelgunov,

This scope was recently added for Forge and it looks like some automated pipelines have picked it up before we could announce it.

Forge apps can utilise the read:email-address:jira and read:email-address:confluence scopes to access the Get Email and Get Email Bulk.

For now, these APIs are only supported by asApp() requests and therefore won’t work when requested by asUser() or via an OAuth (non-Forge) app.

I see, thank you @SeanBourke for your quick answer. In that case, may I suggest making it clearer in the documentation somehow? Or at least not include these scopes in the OAuth app settings in the developer console.

And one last question, do you have any idea if this will also be available one day for OAuth non-Forge apps? Having to maintain a Connect App, currently requires a lot of effort for a single API call We use an OAuth 2 app for everything else in our integration.