Hi,
I am using OAuth to authorize an app to make API calls on behalf of a user. Authentication and access token generation are working fine. But when I make subsequent calls using the access token, it's giving an “UnAuthorized - 401” error. I am able to make a call to the same API using Basic Auth (username/api-key).
https://api.atlassian.com/oauth/token/accessible-resources
With headers
Authorization Bearer ACTUALACCESSTOKENHERE
Accept application/json
The user performing the OAuth is the admin for the Confluence site and has the below scopes while approving the app. Is there any other permission the app/user should have?
read:me read:account report:personal-data read:confluence-space.summary read:confluence-props read:confluence-content.all read:confluence-content.summary read:confluence-content.permission read:confluence-user read:confluence-groups readonly:content.attachment:confluence
Hi @MathewSamuel ,
When you say subsequent calls, do you mean in quick succession or after a considerable delay? Access tokens expire so you need to request new ones with your refresh token.
Here’s a link to the documentation: https://developer.atlassian.com//cloud/jira/platform/oauth-2-3lo-apps
Regards,
Dugald
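The expiry handling Dugald describes, as an added example that is not part of the thread or Atlassian's code: a session that renews the access token before it expires and retries once on a 401, so that a second 401 can be ruled out as an expiry problem. `TokenSession` and `http_json` are hypothetical names, and the JSON body of the refresh request is assumed to follow the standard OAuth 2.0 `refresh_token` grant.

```python
import json
import time
from urllib import error, request

TOKEN_URL = "https://auth.atlassian.com/oauth/token"  # from the thread
RESOURCES_URL = "https://api.atlassian.com/oauth/token/accessible-resources"  # from the thread

def http_json(method, url, headers=None, body=None):
    # Default transport (hypothetical helper): returns (status, parsed JSON or None).
    data = json.dumps(body).encode() if body is not None else None
    req = request.Request(url, data=data, method=method, headers=headers or {})
    try:
        with request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"null")
    except error.HTTPError as err:
        return err.code, None

class TokenSession:
    # Holds one access/refresh token pair; transport and clock are injectable for testing.
    def __init__(self, client_id, client_secret, token_response, transport=http_json, clock=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self.transport, self.clock = transport, clock
        self._store(token_response)

    def _store(self, tok):
        self.access_token = tok["access_token"]
        # Keep the previous refresh token if the response does not carry a new one.
        self.refresh_token = tok.get("refresh_token", getattr(self, "refresh_token", None))
        self.expires_at = self.clock() + tok.get("expires_in", 0)

    def refresh(self):
        if not self.refresh_token:
            raise RuntimeError("no refresh token: the user must authorize again")
        status, tok = self.transport("POST", TOKEN_URL, {"Content-Type": "application/json"}, {
            "grant_type": "refresh_token", "client_id": self.client_id,
            "client_secret": self.client_secret, "refresh_token": self.refresh_token})
        if status != 200:
            raise RuntimeError(f"refresh failed with HTTP {status}")
        self._store(tok)

    def get(self, url, skew=30):
        if self.clock() >= self.expires_at - skew:  # renew shortly before expiry
            self.refresh()
        for attempt in range(2):
            auth = {"Authorization": f"Bearer {self.access_token}", "Accept": "application/json"}
            status, body = self.transport("GET", url, auth)
            if status != 401 or attempt == 1:
                return status, body
            self.refresh()  # one retry with a fresh token; a second 401 is not expiry
```

If `get()` still returns 401 after the retry, the token is being rejected for a reason other than its age.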
Hi @dmorrow,
The API call is immediately after receiving the access token (within the same block of code). I tried with Postman as well, within a few minutes of generating the access token. That too returned Unauthorized.
Thanks
Hi @MathewSamuel ,
So just to clarify, none of your calls with the access token work?
Regards,
Dugald
Hi @dmorrow - None of them are working with the access token. All are returning the same error.
I am testing this with a new account (Standard Plan). I am assuming the OAuth API is supported in all plans.
Hi @MathewSamuel ,
Thanks. So your call to https://auth.atlassian.com/oauth/token succeeds, but then your call to https://api.atlassian.com/oauth/token/accessible-resources fails.
Have you tried the curl commands detailed in the OAuth 2.0 (3LO) guide?
Regards,
Dugald
Curl also returns Unauthorized. I really suspect there are some permissions I may have missed while setting up the site, but I am unable to find them. @dmorrow
Hi @MathewSamuel ,
Assuming you’ve followed the steps in the Enabling OAuth 2.0 (3LO) section, nothing else comes to mind.
Maybe the next step is for you to create a ticket and provide more details such as code and configuration than you would otherwise be comfortable sharing in this public forum.
Regards,
Dugald