Hello, I am attempting to get/update an issue. I am attempting to use OAuth 2.0 impersonation. I can do all the necessary gets and updates, except when I am attempting to update/get a field that is not visible. I am attempting to run the following REST command.
/rest/api/3/issue/${issueIdOrKey}?overrideEditableFlag=true
I’m getting the following error: Only Connect add-on users with admin scope permission are allowed to override the editable flag.
I have followed the following steps that again work when doing a normal put/get request. I only get the error when I add the overrideEditableFlag setting to allow me to edit non-visible fields.
Any help on why I’m getting the error would be appreciated.
Built the Token
var tokenData = {
    iss: "urn:atlassian:connect:clientid:" + <clientid>,
    sub: "urn:atlassian:connect:useraccountid:" + userId,
    tnt: <baseUrl>,
    qsh: jwt.createQueryStringHash(jwt.fromMethodAndUrl('PUT', `/rest/api/3/issue/${issueIdOrKey}?overrideEditableFlag=true`)),
    aud: "https://oauth-2-authorization-server.services.atlassian.com",
    iat: now.unix(),
    exp: now.add(10, 'seconds').unix()
};
const secret = <secret>;
const token = jwt.encode(tokenData, secret);
Use token above to get access token
var parameters = {
    grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
    assertion: token,
    scope: "READ WRITE ACT_AS_USER ADMIN"
};
var AUTHORIZATION_SERVER_URL = "https://oauth-2-authorization-server.services.atlassian.com";
console.log("\nRequesting access token".bold);
request.post({
    url: AUTHORIZATION_SERVER_URL + '/oauth2/token',
    form: parameters,
    json: true,
    headers: {
        "accept": "application/json"
    }
},
....
Make a call with the returned access token
const fullResourcePath = `<full path>/rest/api/3/issue/${issueIdOrKey}?overrideEditableFlag=true`;
const bodyData = `{
    "fields": {
        "summary": "Having issue using update api for connect v2",
        "key": "NX-200"
    }
}`;
const access_t = <token generated from above>;
fetch(fullResourcePath, {
    method: 'PUT',
    headers: {
        "Authorization": "Bearer " + access_t,
        'Accept': 'application/json',
        'Content-Type': 'application/json'
    },
    body: bodyData
})
...
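
What the `qsh` claim in the token above commits to, as an added example that is not part of the original post and is not the atlassian-jwt library's code: a sketch of the Connect canonical-request hash (method, path, sorted query string, SHA-256), showing that `overrideEditableFlag=true` is bound into the hash. The `contextPath` parameter, the helper names and the sample URL built from the post's issue key are assumptions.

```javascript
const crypto = require('crypto');

// RFC 3986 percent-encoding; encodeURIComponent leaves !'()* unescaped.
function pct(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Canonical request: METHOD & path & sorted query string.
// contextPath is a hypothetical parameter for instances served under a prefix.
function canonicalRequest(method, url, contextPath = '') {
  const u = new URL(url, 'https://example.invalid'); // base only parses relative URLs
  let path = u.pathname;
  if (contextPath && path.startsWith(contextPath)) path = path.slice(contextPath.length);
  path = path.replace(/&/g, '%26').replace(/\/+$/, '') || '/';

  const params = new Map();
  for (const [key, value] of u.searchParams) {
    if (key === 'jwt') continue; // the token itself is never part of the hash
    const k = pct(key);
    if (!params.has(k)) params.set(k, []);
    params.get(k).push(pct(value));
  }
  const query = [...params.keys()].sort()
    .map((k) => k + '=' + params.get(k).sort().join(','))
    .join('&');
  return [method.toUpperCase(), path, query].join('&');
}

function queryStringHash(method, url, contextPath) {
  return crypto.createHash('sha256')
    .update(canonicalRequest(method, url, contextPath), 'utf8')
    .digest('hex');
}

// Constructed sample: the PUT from the post, using the issue key from its request body.
const withFlag = queryStringHash('PUT', '/rest/api/3/issue/NX-200?overrideEditableFlag=true');
const withoutFlag = queryStringHash('PUT', '/rest/api/3/issue/NX-200');
console.log(canonicalRequest('PUT', '/rest/api/3/issue/NX-200?overrideEditableFlag=true'));
console.log('hash changes with the flag:', withFlag !== withoutFlag);
```

A token whose `qsh` was computed without the query parameter will not match a request that carries it, so the hash has to be built from the exact method, path and query that are sent.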