Hello,
I am experiencing 401 Unauthorized errors when my Forge app attempts to download Confluence attachment files. This matches the known issue documented where OAuth scoped tokens cannot access URLs on the atlassian. net domain.
APP INFORMATION:
- App ID: ari:cloud:ecosystem::app/97e5adb8-cba0-46ca-afbf-5b22c791113c
- App Name: TemSum Documentation Kit
- Atlassian Site: temsumsmg.atlassian. net
- Product: Confluence Cloud
PROBLEM:
My Forge app needs to download JSON configuration files that are attached to Confluence pages. When my app attempts to access the attachment download URLs (which use the format Log in with Atlassian account download/ attachments/{pageId}/{fileName}), I receive:
{
“code”: 401,
“message”: “Unauthorized; scope does not match”
}
USE CASE:
This is a legitimate use case - my app fetches JSON template configuration files that are attached to Confluence pages. These template files are uploaded and managed by the space owner/client (not by end users), and they contain configuration data that my app processes dynamically to generate documentation templates.
CURRENT APP SCOPES:
- read:confluence-content.all
- read:attachment:confluence
- read:confluence-space.summary
- read:page:confluence
- write:page:confluence
- write:confluence-content
REQUEST:
Per the guidance from Atlassian Support (referenced in issue: “Add support for atlassian .net when sending web requests with scoped API tokens”), How i can get this done for atlassian .net domain (or specifically temsumsmg .atlassian.net) for my Forge app so that OAuth scoped tokens can access attachment download URLs.
REFERENCE:
This matches the documented behavior where atlassian .net domain access with scoped tokens requires an allowlist exception. Atlassian Support has previously confirmed (October 2023) that allowlist can be provided for apps experiencing this issue.
Thank you for your assistance. Please let me know if you need any additional information.
Best regards,