What is the right scope for project avatars?

Forge Forge UI Kit and Custom UI
, ,
1

Hi,
I want to display the avatar of a project (standard avatar provided by Atlassian).

avatar={project.avatarUrls['48x48']}
...
<Image src={avatar} alt={projectKey} size='xsmall' />

I get an error:

"Egress permissions for 
https://api.atlassian.com/ex/jira/4e209d6d-5fcd-4150-bbe8-bd27a2bc24e5/rest/api/3/universal_avatar/view/type/project/avatar/10407
 missing in the manifest."

I tried to add this to the manifest:

permissions:
  scopes:
    - read:project.avatar:jira

But it did not work.

Finally this works:

permissions:
  external:
    images:
      - 'api.atlassian.com'

But I find it really strange to explicitely have to add an Atlassian domain for something standard like avatars.

What is the right way to authorize project avatars?

Thanks for your help!

1 Like
2

Unfortunately you do need to add the api.atlassian.com egress permission. I know it’s counter intuitive, but Forge’s tenant-isolated sandbox prevents you from reaching those specific APIs at the moment.

It’s a problem we’re keen to solve in the future but no specific timelines to share at the moment.

1 Like
3

Thanks Adam, good to know I am on the right path :slight_smile: