OAuth 2.0 is not enabled for method: GET

JanarthananRamesh · July 21, 2023, 1:01pm

Hi,
I was trying to get Users in the Custom UI by using this endpoint /rest/api/2/groupuserpicker?query=${query}

Custom UI:

Backend Resolver:

https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-group-and-user-picker/#api-rest-api-2-groupuserpicker-get

Getting this error message: “OAuth 2.0 is not enabled for method: GET /rest/api/2/groupuserpicker%3Fquery”

I tried by Using the endpoint for fields /rest/api/2/field & its working

Any help would be greatly appreciated!

FabienLydoire · July 24, 2023, 6:08am

Hello @JanarthananRamesh

It’s the encoding of your URL string which is causing the error.
See the same question I asked.

JanarthananRamesh · July 28, 2023, 4:10am

Hi @FabienLydoire
Thank you replying, Unable to view the page

FabienLydoire · July 28, 2023, 6:01am

When passing a string to the route function, the string is escaped. The url string you pass contains the ? to define the query strings parameters and that is the escape of this character causing the OAuth error.

You must use the route tagged template function to construct the path that’s passed to the product fetch APIs. route is a tagged template function that runs encodeURIComponent on each interpolated parameter in the template string. This provides protection against security vulnerabilities, such as path traversal and query string injection.

source: https://developer.atlassian.com/platform/forge/runtime-reference/product-fetch-api/#route

You should pass the query string and use a fixed based URL in your backend function.

await api.asApp().requestJira(route`/rest/api/2/groupuserpicker?query=${query}`

Since your backend function is GET_GROUP_USER_PICKER, having a fixed base URL should not be an issue.

JanarthananRamesh · July 28, 2023, 7:07am

Thank you @FabienLydoire

It worked now able to get the Users!