Unable to search for Confluence users

Hello all,
for our Forge-based App DataForms for Confluence Cloud we need to be able to search for users (e.g. in a UserPicker).
Getting Users by name or ID (https://developer.atlassian.com/cloud/confluence/rest/api-group-users/#api-api-user-get ) does not seem to be possible because the scope read:confluence-user is required but can not be set (see: https://developer.atlassian.com/platform/forge/manifest-reference/permissions/).

When searching for Users (https://developer.atlassian.com/cloud/confluence/rest/api-group-search/#api-api-search-user-get) we only get back a 401 “Unauthorized; scope does not match” The documentation unfortunately does not say anything about an OAuth scope. We get the same 401 response when trying to get the current user.

Does anyone know another way to call other (user-search) endpoints within forge. Or can you (@atlassian) tell us when we will be able to add the call these rest endpoints within forge?

Thank you very much.
Andreas

1 Like

I am also experiencing this issue - for reference using Forge Custom UI. Did you get a solution for this @spall ?

If you are using UI-Kit, consider the UserPicker, however our use case requires Custom-UI.

Edit: Within the Confluence Cloud REST API > Search Users > Forge, the following comment is added:

image

Other User retrieval endpoints (such as GET /wiki/rest/api/user) do not talk about lack of Oauth2 support, and these endpoints do not return a 401 response from the app. Basic Auth would return a 403 Forbidden response, as the cql search requires a User?

I wonder if this is a known issue or @atlassian are aware and have a workaround solution?

1 Like

@DennyMiller nope, we have not found a solution yet. Currently we will not be able to offer the functionality in the cloud, but only in the server app

@spall Hopefully Atlassian can respond soon to know whether this is intended and they can suggest a workaround, or if this is a problem that will be resolved for Forge CustomUI.

In the meantime, if you are still interested, it can be achieved using Node.js ‘fetch’ (Conf REST API has a section at the Search Users endpoint). This allows basic auth for a proof of concept if you still aim to use Forge for cloud development. (Hoping that a workaround/fix is provided as the Basic auth uses hardcoded credentials, limiting ‘asUser’/‘asApp’ contextual methods to be used!

@spall Here we go!

A few slight tweaks, deploy and uninstall/upgrade to use updated permissions and this allows a secure authorization endpoint!

const response = await api.asUser().requestConfluence(route `/wiki/rest/api/search?cql=type=user`);

Should be what’s needed for all user retrieval, or change the cql query as needed. :slight_smile:

4 Likes

Hi @DennyMiller,
many thanks for the hint. Can confirm that
“Getting Users by name or ID” can be replaced by:
…requestConfluence(/rest/api/search?cql=user.accountId="${userId}"
and "When searching for Users"can be replaced by:
…requestConfluence(/rest/api/search?cql=user.fullname~"${inputValue}",…

2 Likes