Hi team, I’m currently experimenting with invoking Team queries from our Forge plugin’s remote backend and I’ve noticed that it works when the request is authorized with plugin’s system app token but when it’s authorized with a user token (obtained by the plugin with the forge_remote_offlineUserAuthToken query) the response is like
{
"errors": [
{
"message": "This request does not contain the right authorisation scopes to access this field",
"locations": [],
"path": [
"team",
"teamsV2"
],
"extensions": {
"failedGrants": [
{
"scope": "view:team:teams",
"accountId": "63611d571cc605b1fd17b1a4",
"clientId": "K8YdMgUfbBv8G11PaoJmDv1aSc9d79Y3",
"cloudId": "N/A"
}
],
"errorSource": "GRAPHQL_GATEWAY",
"statusCode": 403,
"agg": {
"severity": "NORMAL",
"ugcPiiSafe": true
},
"classification": "InsufficientOAuthGrants"
}
}
],
"data": {
"team": {
"teamsV2": null
}
},
"extensions": {
"gateway": {
"request_id": "90cfd782-63f4-4c8a-b1d1-af758e80b974",
"trace_id": "90cfd78263f44c8ab1d1af758e80b974",
"crossRegion": false,
"edgeCrossRegion": false
}
}
}
although my manifest should allow impersonation for the teams scope
permissions:
scopes:
view:team:teams:
allowImpersonation: true
My query is (these are real IDs from a dev instance)
query TeamSearch {
team {
teamsV2(
ids: ["ari:cloud:identity::team/880d77a3-a029-4246-b0aa-8faee30d1375"],
siteId:"41cc6393-a8b8-4cda-951a-9d3a4e452935"
) @optIn(to: "Team") {
id
displayName
smallAvatarImageUrl
}
}
}
and all the requests are sent to https://api.atlassian.com/graphql and have the
"X-ExperimentalApi", ["teams-beta"]
header. The user I’m trying to impersonate is an org admin and has access to the teams.
It looks like impersonation doesn’t work for team queries. Is it so or am I missing something? Is it supposed to work?
Thank you in advance.