JSD portal started to render dynamic macros as static content

Case description:
Jira Service Desk shows Confluence pages as a knowledge base for external users. A page contains a dynamic macro (Table Filter).
Expected:
Page loads with a working dynamic macro.
Actual:
Page loads with a static representation of the macro.

Investigating the issue I found that JSD portal renders dynamic macros for external users (who have no access to Confluence) in this way (see screenshot):

But it works as expected for Confluence users.

The second issue is that the app can’t make requests to Confluence in the ACT_AS_USER scope when the macro is rendered for JSD portal:

addon.httpClient(req).asUserByAccountId(res.locals.userAccountId).get // retuns 403 

Our customers have trouble with this suddenly broken behavior. The app has 2k Cloud installations. @rwhitbeck, could you take a look at this issue?
Thanks,
Andrey

13 Likes

We also have problems with dynamic content macros not being able to make requests using user impersonation through JSD, and have been unsure what to do about it. We’ve only become aware of the issue in the last few weeks, but didn’t realize it was possibly a new issue. Would love to get more information on that from Atlassian. I believe apps that use the app user instead of user impersonation work fine, but we are hesitant to simply fallback to using the app user’s permissions if the user impersonation fails, as it could result in surprising and unwanted privilege escalations.

5 Likes

It looks like dynamic macros started to work as expected again.
But now the suggested workaround in this issue doesn’t work anymore: external user can get the page content in storage format but is not allowed to convert it to the view representation using the rest/api/contentbody/convert/export_view.

2 Likes