How does "Get my permissions" work when called anonymously?

Hi community,

I'm trying to call the "my permissions" endpoint to get permissions for the connected user from my Connect app (registered in a Jira Cloud dev environment). It's not working properly: it always returns false for all the permissions I check, even when a site admin is connected.

What I don't understand is: how does Jira know which user is asking about their permissions, since the API doesn't mention any parameter or header that helps identify the user?

Thanks for helping me understand how this works :)
Best regards,
Sylvain

Jira knows the user from the user's authorization, e.g. from the Authorization header. The user is not in the API route.

Hi Marc, thanks for your answer.
By the authorization header, in my case of an app using JWT, you mean I should also add this JWT authorization header to the call?
I tried but then I got a 401 on the call.
Maybe I misunderstand something.

Yes, you must add the header to the API call.

You can also, for testing, use the basic auth header used in the example code in the documentation. That should get you started and return a value other than false.

OK, I'll try with an API key, but it's weird that I got a 401 when I added the auth header with the user JWT I got from Jira…

So… I tried with an API token and it worked fine.
But my app can't use API tokens from all our customers' Jira instances! I need to have it working properly with the JWT sent by Jira for the connected user. Am I only supposed to add an HTTP header:

Authorization: JWT <the_jwt_got_from_Jira_call>

?

The Atlassian connect frameworks have a method to add the authorization header for you.

See Connect app authorization

Yes, but unfortunately my app was written without this framework so I need to write it on my own.

I finally managed to get something working (no more 401) by building the usual JWT with qsh we used to query the Jira API, not reusing the JWT sent by the Jira admin page.
But… again, Jira doesn't know who is asking, so it always answers yes (based on the shared secret??) to the question: does the user have the ADMINISTER permission?

Any other ideas? :)

So, I moved to the "get bulk permissions" API call, using the accountId to check instead.
But still, understanding in detail how to call get myPermissions from a Connect app is interesting and useful :)
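
The "usual JWT with qsh" mentioned in the thread, as an added example that is not code from any of the posters or from Atlassian's framework: it builds the canonical request string, hashes it into the `qsh` claim and signs the token with HS256. The app key, shared secret and the `/rest/api/3/mypermissions` path (given relative to the site base URL) are constructed placeholders and assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qsl, quote, urlsplit


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT segments require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def canonical_request(method: str, url: str) -> str:
    """Return 'METHOD&path&sorted-query', the string that qsh hashes."""
    parts = urlsplit(url)
    path = (parts.path.rstrip("/") or "/").replace("&", "%26")
    params = {}
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "jwt":  # a jwt query parameter is never part of the hash
            continue
        params.setdefault(quote(key, safe=""), []).append(quote(value, safe=""))
    query = "&".join(f"{k}={','.join(sorted(v))}" for k, v in sorted(params.items()))
    return "&".join([method.upper(), path, query])


def build_connect_jwt(app_key, shared_secret, method, url, now=None, ttl=180):
    """Sign an HS256 JWT bound to one method + URL through the qsh claim."""
    now = int(time.time()) if now is None else now
    qsh = hashlib.sha256(canonical_request(method, url).encode("utf-8")).hexdigest()
    header = {"alg": "HS256", "typ": "JWT"}
    # Only the app key (iss) identifies the caller; no claim names a user.
    claims = {"iss": app_key, "iat": now, "exp": now + ttl, "qsh": qsh}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    signature = hmac.new(shared_secret.encode("utf-8"), signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(signature)}"


if __name__ == "__main__":
    # Constructed values: app key, secret and path are placeholders.
    url = "/rest/api/3/mypermissions?permissions=ADMINISTER"
    token = build_connect_jwt("com.example.app", "constructed-secret", "GET", url)
    print("Authorization: JWT " + token)
```

Because `qsh` covers the method, path and sorted query parameters, a token built for one request is rejected on any other, which is why a JWT received for the admin page cannot simply be replayed on a REST call.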