Permission/Lack of Scope Error Despite Proper Scopes

Currently I’m receiving the following:

INFO    16:42:02.643  _  Response: 403 Forbidden
INFO    16:42:02.643  _  {
  errorMessages: [
    "Your app does not have scopes that are required to access this method ('write:jira-work')."
  ]
}

When making a call to create an issue via api.asApp().requestJira('/rest/api/3/issue').

  • My application does have that scope included in its manifest.
  • Forge lint returns no issues (prior to the addition of that scope it will naturally return that the write:jira-work scope is required).

Removal of that scope from my manifest results in the following:

  • Immediate notification that the scope is required POST /rest/api/3/issue requires "write:jira-work" scope permission-scope-required.
  • The exact same response I receive with the scope added to the manifest (Your app does not have scopes that are required to access this method (‘write:jira-work’).

Is there something I’m missing? Any assistance is greatly appreciated.

hey @ninack,

Would you mind sharing more details on how you calling Jira API?
If the call is made from an app installed in Confluence, you need to install an app into Jira as well.

1 Like

Hey there @pvlasov ! Sure thing. Currently I’m calling it via a Forge app installed to my JIRA Cloud instance.

The app is contained/rendered in IssuePanel .

export const run = render(
  <IssuePanel>
    <App />
  </IssuePanel>
);

Please let me know if there’s any additional information I can provide that will help! :+1:

@ninack could you try running forge install:list to check if your installation is up to date. If you see any of the “Out-of-date” installations, you need to upgrade them, see https://developer.atlassian.com/platform/forge/add-scopes-to-call-an-atlassian-rest-api/#upgrade-the-app

@pvlasov thanks for the quick response. Looks like everything is updated to the latest:

Anyone have any ideas as to what could be causing this? :thinking:

@ninack sorry for the late reply. I could not reproduce your issue. Could you try running the app with the code below?

import ForgeUI, { render, Fragment, Text, IssuePanel, Form, Select, Option, useState } from '@forge/ui';
import api from '@forge/api';

export const createIssue = async (fields) => {
  const res = await api.asApp().requestJira('/rest/api/3/issue', {
      method: 'POST',
      body: JSON.stringify({
          update: {},
          fields
      })
  });

  return res.json();
};

export const getProjects = async () => {
  const res = await api.asApp().requestJira('/rest/api/3/project/search', {
      method: 'GET'
  });

  const json = await res.json();

  return json.values;
};

const App = () => {
  const [projects] = useState(async () => getProjects());
  const [formSubmitState, setFormSubmitState] = useState(undefined);

  return (
    <Fragment>
      <Text>Form submit state: {formSubmitState && JSON.stringify(formSubmitState, null, 2)}</Text>

      <Form submitButtonText="Create issue" onSubmit={async (data) => {
        const res = await createIssue({
          summary: `Jira ticket ${Date.now()}`,
          project: {
            id: data.projectId
          },
          issuetype: {
            id: '10001'
          }
        });

        setFormSubmitState(res);
      }}>
        <Select label="Jira project" name="projectId">
          {projects.map((project) => {
            return (
              <Option label={project.name} value={project.id} />
            )
          })}
        </Select>
      </Form>
    </Fragment>
  );
};

export const run = render(
  <IssuePanel>
    <App />
  </IssuePanel>
);

This is a simple issue panel that allows to pick a project and create an issue.

You will need to replace the code and run forge deploy and upgrade your existing installations.

@ninack if it does not work, could you create a request here, so we can gather more details?

Hi, I am also facing the same issues, Could you please guide me.

I have copied and tried the above code and got this error.
ERROR 12:16:36.287 ed0477e1020192db You must create your route using the ‘route’ export from ‘@forge/api’.
See https://go.atlassian.com/forge-fetch-route for more information.
Error: You must create your route using the ‘route’ export from ‘@forge/api’.

Hi @AshwaniGarg

The route method has been added and you indeed need to use it in your code. An example would look like:

import api, { route } from '@forge/api';

export const getProjects = async () => {
  const res = await api.asApp().requestJira(route`/rest/api/3/project/search`);
  const json = await res.json();
  return json.values;
};

Let me know if this helps :slight_smile:

Cheers,
Xavier

Hi @ninack,

I know this is quite late, but have you also added your scopes to the Authorisation page in the developer console?

Regards,
James.

Hi Xavier, Thanks for the response.

Don’t we have to define the API type (GET/POST) while using “route” keyword ?

Hi again,

You will have the same ability to include some optional fields to your requestJira call, such as:

export const getProjects = async () => {
  const res = await api.asApp().requestJira(route`/rest/api/3/project/search`, {
    method: 'GET'
  });
  const json = await res.json();
  return json.values;
};

I was just using a shortcut, as by default, the GET method is assumed so you don’t have to include it :slight_smile:

Basically the only change compared to the earlier versions should be to wrap the url into the route keyword as per above example.

Cheers,
Xavier

1 Like

Hi Xavier, The above issue got resolved, but got one more another issue.

I am trying to get an email address of the user’s of my organization, that is the main reason, I’m trying to create this forge app.

Now, when I’m trying to hit the users api to get the user’s details. It’s still not showing the email address of the users.

 const res = await api.asApp().requestJira(route`/rest/api/3/users/search`);
 const json = await res.json();
 console.log('users json');
 console.log(json);

Could you please tell me, What I’m missing.

We need this forge app for multiple tenants of our product. And we also want to host it privately. Is it possible?

Hi @AshwaniGarg

Glad to know your initial problem got resolved :slight_smile:

As for the email address, this field can be returned as null depending on the user’s privacy setting, as highlighted in the Jira Rest API docs:

emailAddress: The email address of the user. Depending on the user’s privacy setting, this may be returned as null.

Reference: Jira API

Do you mind confirming that the data comes back from your search and that the other fields are populated? (ie, the accountId field for instance).

If you app needs to be multi-tenants, you will have to install it on all your sites.

As for being hosted privately, you app can only be installed if you share an installation link from the Developer Console, as per those guidelines).

So your app will not be installable by anyone else, if that is your concern? For the hosting part, all Forge apps are hosted on our Atlassian infrastructure, as per the following security highlights.

Hope this helps.

Cheers,
Xavier

Hi AshwaniGarg Can you please post the solution?

you need to update Manifest.xml

you need add this block:

permissions:
  scopes:
    - read:issue-meta:jira
    - read:issue-security-level:jira
    - read:issue.vote:jira
    - read:issue.changelog:jira
    - read:issue:jira
    - read:status:jira
    - read:field-configuration:jira
    - read:comment:jira
    - read:comment.property:jira
    - read:group:jira
    - read:project:jira
    - read:project-role:jira
    - read:user:jira
    - read:avatar:jira