User not authorized for certain endpoint on rest API

tzach · January 1, 2020, 12:50pm

Hi,

I’m using Atlassian-Connect-Express to create a Jira addon and encountered an issue where I get an error message: “Client must be authenticated to access this resource.” when using the function asUserByAccountId.

app.put('/getJiraFieldData',  addon.checkValidToken(), async function (req, res) {
        const httpClient = addon.httpClient(req);

            const options = {
                url: '/rest/api/2/customField/XXXX/option', //XXXX is the field id, example: 10043
            };
               await httpClient.asUserByAccountId(req.context.userAccountId).get(options, 
                async function (err, res, body) {
                    if (err) {
                        console.error(err);
                    } else {
                     //some code here.. 
                    }

});

The thing is that every other request using httpClient.asUserByAccountId in the REST API document works and returns data. Only this specific request returns an authorization error.

Am I missing something in the authorisation process?

david2 · January 1, 2020, 7:23pm

Isn’t that endpoint restricted to the add-on user? Or at least to administrators?

tzach · January 2, 2020, 12:00pm

thank you for your reply!
Yes you’re right this endpoint does restricted to add-on apps, I just checked this on the Jira Rest API documentation, is there any other way you know to get this information using a connected app?

david2 · January 2, 2020, 2:45pm

Just don’t use asUserByAccountId. By default, the REST call will be made as the add-on user.