Rest API call for fetching teams

GrahamCarrick · May 8, 2024, 12:23am

It might work through GraphQL using requestGraph but I haven’t tried it myself. It seems suspicious because there are no Forge scopes.

@ibuchanan , I think your suspicions are partly correct.

I can use the requestGraph function to call the teams api and get some results

 const variables = ''
    const headers = ''
    const orgQuery = `query myConfluenceApp_user_getCloudId {
        tenantContexts(cloudIds:["${req.context.cloudId}"]) {
          cloudId , orgId
        }
      }`
      const orgResult = await api.asApp().requestGraph(orgQuery, variables, headers);
      const data = (await orgResult.json()).data
      console.debug("Orgs result", orgResult.status,data ,data.tenantContexts[0].orgId )
      const orgId = data.tenantContexts[0].orgId
    const query = ` query jiraTeams { team @optIn(to: "Team-search-v2")  { 

      teamSearchV2(organizationId:"ari:cloud:platform::org/${orgId}" , siteId:"${req.context.cloudId}") {
        nodes {
          memberCount
          includesYou
          team {displayName id 
            members {  
                nodes  {
                  state
                  role
                  member { id name} 
                      }
              }
          }
        }
    
      }
    }
    
    }`
    const result = await api.asApp().requestGraph(query, variables, headers);

This gives some details on the team

  memberCount: 2,
  includesYou: false,
  team: {
    displayName: 'Team 1',
    id: 'ari:cloud:identity::team/bc09f6f5-b578-4e22-b139-063afa4291f5',
    members: { nodes: [Array] }
  }
}

However, if we look at the members of the team I can’t get those details and run into a scope issue.

[
  { state: 'FULL_MEMBER', role: 'ADMIN', member: null },
  { state: 'FULL_MEMBER', role: 'REGULAR', member: null }
]

The graphql call does give descriptive errors.

  {
    message: 'This request does not contain the right authorisation scopes to access this field',
    locations: [],
    path: [
      'team',
      'teamSearchV2',
      'nodes',
      'team',
      'members',
      'nodes',
      'member'
    ],
    extensions: {
      requiredScopes: [Array],
      providedScopes: [Array],
      statusCode: 403,
      classification: 'InsufficientOAuthScopes',
      aggUgcPiiSafe: true,
      errorSource: 'GRAPHQL_GATEWAY'
    }
  }
] {
  requiredScopes: [ 'identity:atlassian-external' ],
  providedScopes: [
    'read:jira-work',
    'view:team:teams',
    'storage:app',
    'view:membership:teams',
    'read:user:jira',
    'read:avatar:jira',
    'read:project:jira',
    'read:jira-user',
    'read:group:jira'
  ],
  statusCode: 403,
  classification: 'InsufficientOAuthScopes',
  aggUgcPiiSafe: true,
  errorSource: 'GRAPHQL_GATEWAY'
}

The problem is that forge doesn’t support the scope ‘identity:atlassian-external’ , on forge deploy(even with no-verify) or lint it gives this error

39:6    error    Invalid 'scopes' permission in the manifest.yml file - 'identity:atlassian-external'. Learn more about permissions at: https://go.atlassian.com/forge-permissions.  valid-permissions-required

My question: Why is this scope not supported in Forge? Without this how can an App use Teams?