Hi,
I’m trying to get Bearer token for user, but when i send request signed with SharedSecret that i got on installation handshake i get this response:
{
"error": "unauthorized_client",
"error_description": "The authenticated client is not authorized to use this authorization grant type"
}
I was practicing this request in online tool for sending http requests with jwt token that my app generates and it was working, but now some issue appeared (that was another app, so i could do some things in other way).
I just noticed the actual error message when scrolling the error code. It seems to indicate that Bearer token authentication is not allowed for this endpoint. Can you share the details on which API endpoint you are trying to connect with?
I’m a bit confused now
The token service (https://auth.atlassian.io/oauth2/token) is meant to be used during a OAuth2 / 3LO handshake proces where you exchange the token you receive in the callback for an actual access token.
The SharedSecret you are referring to is part of the Atlassian Connect authentication flow, which is provided by Atlassian after installation of an Connect app in a Cloud instance. You do not need the token service for Atlassian Connect apps.
Is it correct that you are trying to get a JWT for a specific user / service account to make calls to the instance rest API for your Connect app?
Sorry, I really need a bit more contextual information to be able to help you here. Can you please tell me:
This is an Atlassian Connect app that is installed by users in Jira?
Upon installation, you have configured the post install hook in atlassian-connect.json and store the payload (incl. SharedSecret, instance URL and clientKey) in your database?
Is the user interacting with your app (via a web item?) and/or loading a page / panel from your server? Or are you trying to access the Jira API from a background worker (no user interaction).
If the user is interacting with your app, you will get a JWT from Jira which you can use to connect to the Jira API, or, even better, you can use AP.request() to make the request for you without having to think about authentication.
If you are trying to connect to the Jira API from a background worker and using either the app service account or impersonation, you will need to construct your own JWT using the clientKey, instance URL, SharedSecret and a proper query string hash.
Can you also tell me which API endpoint you are trying to connect to?
I’ve looked through error message and remembered that i was changing atlassian-connect file today for some DB testing… I noticed now that i deleted Act_as_a_user scope and got in funny situation when i have oauthClientID value in data base, but my app is not authorized.