Identifying the correct available resource from /oauth/token/accessible-resources

Hello,

We are working on creating an App that will ask the user for read:jira-work permissions, but I’m not sure what the possibilities are when it comes to the list of accessible resources returned to us. We are hoping to pull the cloud id for a specific base url.

For example is the following possible where we might get two different resources back from that endpoint?

  "resources": [
    {
      "id": "a7f94639-569c-44a3-b1e9-474423537f2c",
      "url": "https://my-site-name.atlassian.net",
      "name": "username1",
      "scopes": [
        "read:jira-work"
      ],
      "avatarUrl": "https://site-admin-avatar-cdn.prod.public.atl-paas.net/avatars/240/triangle.png"
    },
    {
      "id": "60712be5-569c-44a3-b1e9-474423537f2c",
      "url": "https://different-site-name.atlassian.net",
      "name": "username1",
      "scopes": [
        "read:jira-work"
      ],
      "avatarUrl": "https://site-admin-avatar-cdn.prod.public.atl-paas.net/avatars/240/triangle.png"
    }
  ]

If this is a possibility, and if we only want to grab the Cloud ID for https://different-site-name.atlassian.net, is it better for us to preemptively ask the user for the base url so that we can match it with the right resource?

If the above response is not a possibility, should we just grab the first resource that matches the scope?

1 Like

@AnthonyDelprete,

Short answer, yes, multiple sites can come back for the same token.

The deeper answers you are seeking may already be on this thread: