My app has some dynamic macros that have a static render mode for export. To render the export view, my app needs to fetch some data from Confluence, and it does so by impersonating the current user using `addon.httpClient(req).asUserByAccountId(req.context.userAccountId)` from atlassian-connect-express.
When I export a page using the macro to PDF, or when I expand `body.export_view` in the REST API, or when I render the page using any app that fetches the export view from the frontend, my export view renders fine, as the static render mode is called in the context of the current user.
However, when I render the page using an app that fetches the export view from the backend using JWT authentication (authenticating as its own app user), my export view fails to render. The reason seems to be that my backend cannot impersonate the app user of the other app. Trying to use the Confluence API in such a way will result in a 403 error with the message: `Add-on 'com.k15t.orderly.databases' disallowed to impersonate the user because 'no valid active user exists'`.
In particular, I am trying to get my static macro to render when publishing a help center using Scroll Viewport. The Viewport team have told me that they are experiencing this issue with some macros, but not with others. For example, draw.io macros seem to work fine. Are they maybe using their own app user to make requests against Confluence? I’m not sure that would be an option from a security and a UX perspective for me.
Is this something that can be fixed in Confluence? Are there any suggested workarounds?