Inconsistent unauthorized response when retrieving jira issue via API

weegoblinsmile · March 2, 2024, 10:53pm

I’m retrieving jira issues recursively. I start with a root issue then use a jql search to grab all of it’s children via parent={issueKey}. If they have children I grab them as well. So if I start at an epic, I’ll get all the epic, it’s child issues, and then the sub-tasks of child issues.

However, today I’m finding I’m getting unauthorized responses like this:

However, sometimes my requests succeed? It’s the same request over and over.

Here’s a video of it happening

Am I getting rate limited? Is there a limit for the dev app? If I make a resolver will that help? This is straight from the UI client using the forge bridge.

rcsr · March 3, 2024, 6:12am

You might have better luck debugging this by examining the Network tab. If you’re getting rate limited it should show status 429. Atlassian doesn’t officially publish their API rate limits but usually you would need to continuously perform tens of API calls a second to even hit it so I don’t think that’s the issue you’re seeing.

It’s going to be hard to debug this without a reproducible demo. Even a HAR file would be useful.

weegoblinsmile · March 3, 2024, 11:55pm

Network tab looks just like the error. 401 Unauthorized.

But the thing is, if I refresh enough times sometimes it’ll retrieve all the data, and if I retrieve an issue that doesn’t have many sub-tasks (like 2) or just a single task it’ll load more frequently. However if I keep refreshing I’ll just as often get 401 Unauthorized.

Code’s super simple, I’m just using these two functions to get issues in my project:

export const jiraIssue = async (issueKey: string): Promise<Issue> => {
  const result = await requestJira(`${BASE_JIRA_ISSUE_API}${issueKey}?${DEFAULT_ISSUES_FIELDS}`)
  const json = await result.json()
  return json
}


export const subTasks = async (issueId: string): Promise<{issues: Issue[]}> => {
  const result = await requestJira(`${BASE_JIRA_SEARCH_API}?jql=${encodeURI(`parent=${issueId}`)}&${DEFAULT_ISSUES_FIELDS}`)
  const json = await result.json()
  return json
}

weegoblinsmile · March 3, 2024, 11:56pm

(forge app by the way!)

BenPierce · March 4, 2024, 12:33am

I’ve been working through this the past week with Atlassian support. It seems tied to CHANGE-1320

Still testing the fix, so I’ll let you know if I get anywhere.

BenPierce · March 4, 2024, 12:59am

Hi @weegoblinsmile – managed to figure it out and CHANGE-1320, described above, got me to where I needed to be (thank for that nudge Atlassian support!).

In my case, I had to do these steps:

Update my @forge/resolver and @forge/api dependencies to the latest version (not sure if resolving was necessary, but it never hurts to be on the latest version).
I was doing something similar to you when composing my URL’s and forge no longer likes that due to the security checks that are described in CHANGE-1320

So, here’s what I used to have:

const URL = route`${API_PATH}?query=${query}&startAt=${offset}&maxResults=${limit}`;
const payload = await api.asUser().requestJira(URL);

I had to get rid of ${API_PATH} and hardcode the path in each URL like so:

const URL = route`/rest/api/2/user/search?query=${query}&startAt=${offset}&maxResults=${limit}`;
const payload = await api.asUser().requestJira(URL);

So, in your examples try replacing ${BASE_JIRA_SEARCH_API} with the actual URL and you should be all set!