Retrieving user info from Guest User in Confluence Cloud

Hi,
We are facing the following challenge trying to let guest users access all functionalities in our Connect app.

We need to retrieve the user info (e.g. displayName, avatar URL) for Confluence guest users (so that they can add comments in our app).

We know that from the client side it is possible to use the “/rest/api/user/current” API. However, we also need to retrieve the info from our server side in order to validate the information passed to the server (for security reasons).

When using the “/rest/api/user/” with the accountId of the guest user we receive a 404 due to the limited credentials of the guest user.

Any suggestions on how to solve this scenario?


UPDATE: Note that we access the APIs server side as the connect app user, not trying to run as the guest user itself.

Hi @sax , we are similarly waiting for Atlassian to add full support for guest accounts to the API. (Guest users not visible in /api/search and are not External Collaborators)

We did notice recently that guest users are now returned from the /rest/api/search API (https://developer.atlassian.com/cloud/confluence/rest/v1/api-group-search/#api-wiki-rest-api-search-user-get). Enable the sitePermissionTypeFilter and it will return guest info. (Note there is still a bug that the externalCollaborator flag returns false for guests.)

If you have the Guest user account ID, try something like this:
https://{{SITENAME}}.atlassian.net/wiki/rest/api/search?sitePermissionTypeFilter=externalCollaborator&cql=user%3D%22{{ACCOUNT_ID}}%22

Chris

Hi Chris,
Thanks for your help!

Until now we didn’t have the need to use the “connect app user” for accessing the REST API. Which kind of authentication are you using in this case? We generally get the token using the https://oauth-2-authorization-server.services.atlassian.com endpoint. In this case which “accountId” should we use for the “connect app user”?

We are just using the ACE toolkit which has extended the built-in request method to call back to the atlassian host as the addon. https://bitbucket.org/atlassian/atlassian-connect-express/src/master/.

If you are not using ACE perhaps somebody else in the dev community has an example to build a manual auth?

Hi Chris,
Digging in the code of the ACE toolkit I was able to answer the authentication question myself.

In order to call the API on behalf of the app (and not on behalf of the user) the requested authentication is
'Authorization': 'JWT ' + jwtToken.

When creating the jwtToken payload, it is sufficient to not specify the sub parameter (while in case of user impersonation, the sub parameter is equal to the accountId of the user).

Hope this can help other devs stumbling on the same issue.
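
The app-level authentication described in the last post, as an added example that is not part of the thread and not ACE's code: it signs an HS256 JWT without `sub` for the search URL suggested earlier and rejects malformed account IDs before they reach the CQL. The `qsh` claim, the 180-second lifetime, the app key, the shared secret and the account ID pattern are assumptions based on the Connect JWT scheme, and the sample values are constructed.

```javascript
// Added example (not from the thread): app-level Connect JWT, Node.js built-ins only.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// RFC 3986 percent-encoding (encodeURIComponent leaves !'()* unescaped).
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Query string hash: SHA-256 over "METHOD&path&sorted-query"; binds the token to one request.
// Assumption: path is relative to the host baseUrl (which already ends in /wiki).
function computeQsh(method, path, params) {
  const query = Object.keys(params).sort()
    .map((k) => `${enc(k)}=${enc(params[k])}`).join('&');
  return crypto.createHash('sha256')
    .update([method.toUpperCase(), path, query].join('&')).digest('hex');
}

// Sign as the app itself: iss is the app key and there is deliberately no `sub` claim.
function createAppJwt({ appKey, sharedSecret, method, path, params }) {
  const iat = Math.floor(Date.now() / 1000);
  const claims = { iss: appKey, iat, exp: iat + 180, qsh: computeQsh(method, path, params) };
  const head = b64url(JSON.stringify({ typ: 'JWT', alg: 'HS256' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac('sha256', sharedSecret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// The accountId arrives from the client and is interpolated into CQL, so reject
// anything outside a conservative character set (assumed format) before using it.
function buildGuestLookup(accountId, { appKey, sharedSecret }) {
  if (!/^[A-Za-z0-9:-]{1,128}$/.test(accountId)) throw new Error('invalid accountId');
  const path = '/rest/api/search';
  const params = { cql: `user="${accountId}"`, sitePermissionTypeFilter: 'externalCollaborator' };
  const token = createAppJwt({ appKey, sharedSecret, method: 'GET', path, params });
  const url = `${path}?${Object.keys(params).map((k) => `${enc(k)}=${enc(params[k])}`).join('&')}`;
  return { url, headers: { Authorization: 'JWT ' + token } };
}

// Constructed sample values; real ones come from the app descriptor and the install callback.
const SAMPLE_APP = { appKey: 'com.example.comments-app', sharedSecret: 'constructed-shared-secret' };
const SAMPLE_REQUEST = buildGuestLookup('5f0000000000000000000000', SAMPLE_APP);
console.log(SAMPLE_REQUEST.url);
```

The returned `url` is relative and is appended to the site's base URL (the `https://{{SITENAME}}.atlassian.net/wiki` part of the link above).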