Issue with OAuth REST API - Access Token based connection

MathewSamuel · July 21, 2022, 3:59am

Hi,

I am using OAuth to authorize an app to make API calls on behalf of a user. Authentication and access token generation is working fine. But when I make subsequent calls using the Access Token, its giving “UnAuthorized - 401” error. I am able to make call to the same API using Basic Auth (username/api-key).

https://api.atlassian.com/oauth/token/accessible-resources
With headers
Authorization Bearer ACTUALACCESSTOKENHERE
Accept application/json

The user performing the OAuth is the admin for the confluence site. And has the below scopes while approving the App. Is there any other permission the App/user should have?

read:me read:account report:personal-data read:confluence-space.summary read:confluence-props read:confluence-content.all read:confluence-content.summary read:confluence-content.permission read:confluence-user read:confluence-groups readonly:content.attachment:confluence

dmorrow · July 21, 2022, 4:15am

Hi @MathewSamuel ,

When you say subsequent calls, do you mean in quick succession or after a considerable delay? Access tokens expire so you need to request new ones with your refresh token.

Here’s a link to the documentation: https://developer.atlassian.com//cloud/jira/platform/oauth-2-3lo-apps

Regards,
Dugald

MathewSamuel · July 21, 2022, 4:19am

Hi @dmorrow,

The API call is immediately after receiving Access Token (within the same block of code). I tried with Postman as well within few minutes of generating access token. That too returned Unauthorized.

Thanks

dmorrow · July 21, 2022, 4:35am

Hi @MathewSamuel ,

So just to clarify, none of your calls with the access token work?

Regards,
Dugald

MathewSamuel · July 21, 2022, 5:45am

Hi @dmorrow - None of them working with access token. All are returning the same error.

I am testing this with a new account(Standard Plan). Assuming OAuth API is supported in all plans.

dmorrow · July 21, 2022, 7:18am

Hi @MathewSamuel ,

Thanks. So your call to https://auth.atlassian.com/oauth/token succeeds, but then your call to https://api.atlassian.com/oauth/token/accessible-resources fails.

Have you tried the curl commands detailed in the OAuth 2.0 (3LO) guide?

Regards,
Dugald

MathewSamuel · July 21, 2022, 8:49pm

Curl also returns Unauthorized. I am really suspecting some permissions I may have missed while setting up the site. But unable to find it. @dmorrow

dmorrow · July 21, 2022, 10:22pm

Hi @MathewSamuel ,

Assuming you’ve followed the steps in the Enabling OAuth 2.0 (3LO) section, nothing else comes to mind.

Maybe the next step is for you to create a ticket and provide more details such as code and configuration than you would otherwise be comfortable sharing in this public forum.

Regards,
Dugald