Rest API call for fetching teams

Forge Forge UI Kit and Custom UI
, ,
1

image
image1480×552 33.7 KB

I am trying to fetch the team details in my Forge App but I am always encountering errors.
I wrote this code

    const organizationRes = await requestJira(`/rest/api/3/organization`);
    const organizationData = await organizationRes.json();
    // Assuming you want the first organization name if multiple organizations are returned
    const firstOrganizationName = organizationData[0]?.name;
    setOrganizationName(firstOrganizationName);

but I am still not able to fetch it. please help , also when I try to use

const response = await api.asUser().requestJira(route`/rest/api/3/project/${projectIdOrKey}`, {
      headers: {
        'Accept': 'application/json'
      }
    });
    
    console.log(`Response: ${response.status} ${response.statusText}`);
    console.log(await response.json());

I get Content Security Policy error.

2

Hello @SandeshRai

I’ve never seen any ‘organization’ REST API endpoint for Jira Cloud with that path /rest/api/3/organization.

Can you please provide a link to the documentation that describes it.

3

GET {{baseurl}}/gateway/api/v3/teams/search?organizationId={organizationId}
ran this in my postman and was getting the output

4

Welcome to the Atlassian developer community @SandeshRai,

I’m not sure if the v3 is correct, but there is a Team REST API which should work in Postman with an API Token. To my knowledge, that API would not work in Forge or with requestJira. The Team REST API docs don’t mention any Forge auth at all.

It might work through GraphQL using requestGraph but I haven’t tried it myself. It seems suspicious because there are no Forge scopes.

5

Hello @SandeshRai

As @ibuchanan has advised, there is no such ‘v3’ version of the Teams REST APIs nor one with any such format as the one you have provided. Also, that request you have just cited is nothing like the one you posted in your original question!

So, I ask again, please provide a link to the specific, official documentation that describes this endpoint /gateway/api/v3/teams/search that you claim ‘gives the output’. Also, please provide screen grabs of your Postman session to that endpoint showing:

  • The authentication method you used
  • The entire path of the request
  • The JSON response from that endpoint

I get a bad feeling that you’re another one of ‘those people’ who is silly enough to try hijacking the internal REST API endpoints for their own purposes, by reading articles like this one, but simply doesn’t pay any attention to where it says, very clearly and distinctly,…

That’s not part of the product’s APIs which means that individual admins can use their personal API tokens to access this, but it is out of reach for Connect and Forge apps. And if I am not totally mistaken, it’s also not part of the official APIs, so you should not rely on using for any production workload, as you are basically hacking.

or…

This is totally a hack, gathered from sniffing the Search People/Teams page. Totally correct that this is probably only usable for unofficial admin work, like one-time scripts, etc. certainly not for apps or production automation things

6

It might work through GraphQL using requestGraph but I haven’t tried it myself. It seems suspicious because there are no Forge scopes.

@ibuchanan , I think your suspicions are partly correct.

I can use the requestGraph function to call the teams api and get some results

 const variables = ''
    const headers = ''
    const orgQuery = `query myConfluenceApp_user_getCloudId {
        tenantContexts(cloudIds:["${req.context.cloudId}"]) {
          cloudId , orgId
        }
      }`
      const orgResult = await api.asApp().requestGraph(orgQuery, variables, headers);
      const data = (await orgResult.json()).data
      console.debug("Orgs result", orgResult.status,data ,data.tenantContexts[0].orgId )
      const orgId = data.tenantContexts[0].orgId
    const query = ` query jiraTeams { team @optIn(to: "Team-search-v2")  { 

      teamSearchV2(organizationId:"ari:cloud:platform::org/${orgId}" , siteId:"${req.context.cloudId}") {
        nodes {
          memberCount
          includesYou
          team {displayName id 
            members {  
                nodes  {
                  state
                  role
                  member { id name} 
                      }
              }
          }
        }
    
      }
    }
    
    }`
    const result = await api.asApp().requestGraph(query, variables, headers);

This gives some details on the team

  memberCount: 2,
  includesYou: false,
  team: {
    displayName: 'Team 1',
    id: 'ari:cloud:identity::team/bc09f6f5-b578-4e22-b139-063afa4291f5',
    members: { nodes: [Array] }
  }
}

However, if we look at the members of the team I can’t get those details and run into a scope issue.

[
  { state: 'FULL_MEMBER', role: 'ADMIN', member: null },
  { state: 'FULL_MEMBER', role: 'REGULAR', member: null }
]

The graphql call does give descriptive errors.

  {
    message: 'This request does not contain the right authorisation scopes to access this field',
    locations: [],
    path: [
      'team',
      'teamSearchV2',
      'nodes',
      'team',
      'members',
      'nodes',
      'member'
    ],
    extensions: {
      requiredScopes: [Array],
      providedScopes: [Array],
      statusCode: 403,
      classification: 'InsufficientOAuthScopes',
      aggUgcPiiSafe: true,
      errorSource: 'GRAPHQL_GATEWAY'
    }
  }
] {
  requiredScopes: [ 'identity:atlassian-external' ],
  providedScopes: [
    'read:jira-work',
    'view:team:teams',
    'storage:app',
    'view:membership:teams',
    'read:user:jira',
    'read:avatar:jira',
    'read:project:jira',
    'read:jira-user',
    'read:group:jira'
  ],
  statusCode: 403,
  classification: 'InsufficientOAuthScopes',
  aggUgcPiiSafe: true,
  errorSource: 'GRAPHQL_GATEWAY'
}

The problem is that forge doesn’t support the scope ‘identity:atlassian-external’ , on forge deploy(even with no-verify) or lint it gives this error

39:6    error    Invalid 'scopes' permission in the manifest.yml file - 'identity:atlassian-external'. Learn more about permissions at: https://go.atlassian.com/forge-permissions.  valid-permissions-required

My question: Why is this scope not supported in Forge? Without this how can an App use Teams?

1 Like
7

@ibuchanan , or maybe @dmorrow / @tpettersen : any ideas on how to work around this? I’m currently blocked on an App I was hoping to build related to teams(ideally a Compass app but could be a Jira app).