"You don't have an authorized access token for the remote resource" - Creating Confluence content via JIRA using REST API

JIRA Server v7.4.2
Confluence v6.2.3

I have CONNECTED Outgoing and Incoming OAuth authentications on both JIRA and Confluence. [images below]
I have administrator permissions in both JIRA and Confluence.
Our users go through SAML to sign in to JIRA and Confluence.

I am running the following script in the Script Console (Adaptavist ScriptRunner).

package examples.docs
import com.atlassian.jira.issue.Issue
import com.atlassian.applinks.api.ApplicationLink
import com.atlassian.applinks.api.ApplicationLinkService
import com.atlassian.applinks.api.application.confluence.ConfluenceApplicationType
import com.atlassian.sal.api.component.ComponentLocator
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.sal.api.net.Request
import com.atlassian.sal.api.net.Response
import com.atlassian.sal.api.net.ResponseException
import com.atlassian.sal.api.net.ResponseHandler
import groovy.json.JsonBuilder
import org.apache.log4j.Logger
import org.apache.log4j.Level
def log = Logger.getLogger("com.acme.XXX")
log.setLevel(Level.DEBUG)

/**
 * Retrieve the primary confluence application link
 * @return confluence app link
 */
ApplicationLink getPrimaryConfluenceLink() {
    def applicationLinkService = ComponentLocator.getComponent(ApplicationLinkService.class)
    final ApplicationLink conflLink = applicationLinkService.getPrimaryApplicationLink(ConfluenceApplicationType.class);
    conflLink
}

def issueManager = ComponentAccessor.getIssueManager()
Issue issue = issueManager.getIssueObject("ATW-30")

def confluenceLink = getPrimaryConfluenceLink()
assert confluenceLink // must have a working app link set up

def authenticatedRequestFactory = confluenceLink.createAuthenticatedRequestFactory()

// set the page title - this should be unique in the space or page creation will fail
def pageTitle = issue.key + " Discussion"
def pageBody = """<p> ${issue.summary}<p>

<p>${issue.description}</p>

Use this page to discuss the above...
"""

def params = [
    type: "page",
    title: pageTitle,
    space: [
        key: "TEST" // set the space key - or calculate it from the project or something
    ],
    body: [
        storage: [
            value: pageBody,
            representation: "storage"
        ]
    ]
]

authenticatedRequestFactory
    .createRequest(Request.MethodType.POST, "rest/api/content")
    .addHeader("Content-Type", "application/json")
    .setRequestBody(new JsonBuilder(params).toString())
    .execute(new ResponseHandler<Response>() {
    @Override
    void handle(Response response) throws ResponseException {
        if(response.statusCode != HttpURLConnection.HTTP_OK) {
            throw new Exception(response.getResponseBodyAsString())
        }
    }
})

This produces the following error:

2017-11-07 15:39:45,986 WARN [common.UserScriptEndpoint]: Script console script failed: 
com.atlassian.applinks.api.CredentialsRequiredException: You do not have an authorized access token for the remote resource.
	at com.atlassian.applinks.oauth.auth.ThreeLeggedOAuthRequestFactoryImpl.retrieveConsumerToken(ThreeLeggedOAuthRequestFactoryImpl.java:93)
	at com.atlassian.applinks.oauth.auth.ThreeLeggedOAuthRequestFactoryImpl.createRequest(ThreeLeggedOAuthRequestFactoryImpl.java:86)
	at com.atlassian.applinks.core.auth.ApplicationLinkRequestFactoryFactoryImpl$AbsoluteURLRequestFactory.createRequest(ApplicationLinkRequestFactoryFactoryImpl.java:180)
	at com.atlassian.applinks.api.ApplicationLinkRequestFactory$createRequest.call(Unknown Source)
	at examples.docs.Script70.run(Script70.groovy:66)

Two things I think could be problematic:

  1. Our users go through SAML to sign on to JIRA.
  2. The application links are OAuth, not OAuth Impersonation. I’m kind of confused about the difference – might I need to be using Impersonation?

Thank you for any assistance/guidance.
Evan

Hi @eawinter,

I noticed that you didn’t get a reply yet, as you are talking about Scriptrunner you might want to check out the user community category for Adaptavist (the company behind Scriptrunner): https://community.atlassian.com/t5/Adaptavist/ct-p/adaptavist

This community is focussed on building on top of our products but not on using apps or our products.

Cheers,
Peter

At least, Atlassian expert can respond on the root cause that may lead to this error. And if OAuth Impersonation can help to fix or to probe the issue.
I don’t think it’s purely Adaptavist issue

Hi @eawinter

Did you get a solution for this issue?
I am facing exact same issue. I would appreciate any direction if you could give.

BR,
Bhupesh

1 Like

changing to OAuth (impersonation) helped. This has to be changed on both ends of the application link.

1 Like