Jira GDPR Compliance - cannot request scope

RohitMusti · October 22, 2024, 4:21pm

I am building out our GDPR compliance before we start storing any user data following this documentation. However, whenever I try and request the report:personal-data scope via the oauth routes upon connection I don’t ever receive the scope back in the token response; when I try to use the to the token without the scope I receive a 401, missing scopes response.

I have configured the personal reporting API in the console
I’ve tried checking and unchecking this box
I have verified the scope is being requested in the oauth flow.

I’d include screenshots, but I can only upload one at a time

Are there any other steps I should be following to get this scope added to my token or is this functionality just broken?

RohitMusti · October 22, 2024, 4:41pm

just to make sure nothing in my oauth flow was broking, I validated that I was successfully able to add the manage:jira-project scope - so something seems different about this report:personal-data scope from the other scopes. Do I need to get my organization approved by jira to access the scope and become GDPR compliant?

DeepakPandey · November 18, 2024, 7:42am

This is a bug and being tracked here:

ECO-533: Consent screen shows error when only report:personal-data is requested and if other scopes are also included then the access token returned does not include the report:personal-data scope

Regards,
Deepak