JIRA Cloud REST API (OAuth 2.0) Error 403 on POST Requests

痴心易碎 提交于 2019-12-11 12:09:45

问题


I am trying to connect my React app to the Jira Cloud API and can't seem to get past a 403 error.

My code currently does a Auth dance using OAuth 2.0 and returns the token and cloudid. I can use this to GET issues, however POST request (like creating an issue) return with 403. I have found here that this error is returned if the user does not have the necessary permission to access the resource or run the method.

I have ensured the user has the correct scope ([write: jira-work, read: jira-work]) and verified this is reflected in the user account (in their account > connect apps tab).

My app is not linked (via ApplicationLink) or installed (via Apps, Manage Apps), is this necessary to perform POST requests?

Here is a sample of my code:

fetch(`https://api.atlassian.com/ex/jira/${jira.cloudid}/rest/api/2/issue/`, {
    method: "POST",
    headers: {
        "Content-Type": 'application/json',
        "Authorization": `Bearer ${jira.token}`
    },
    body: JSON.stringify(data)
})
.then(...)

Neither api version 2 or 3 are working for this POST request. I have explored using Basic Auth however this fails due to CORS errors.

I have verified that the POST request does work in POSTMAN (using the cloudid and token).

---------------------------------------------------------------------------------------------------------------------------

UPDATE

After talking to Atlassian Staff, there is an issue within their API security:

"By trying the same thing you mentioned I think I found what the problem is. Your request likely fails with a ‘XSRF check failed’ in the browser. I’ve already talked to one of our security engineers and we quickly dived into the implementation code to confirm why this not working and what would need to be changed on our side. We’ve also already opened a engineering ticket to get this addressed. This will likely take a few weeks to get addressed, but I’ll keep you posted if I hear any updates!"

The XSRF check failed was the main error for my 403 response. I'll post any updates I receive and answer the question when a resolution is found.


回答1:


This has apparently been resolved. Follow the discussion here: https://community.developer.atlassian.com/t/jira-cloud-rest-api-oauth-2-0-error-403-on-post-requests/25621/4



来源:https://stackoverflow.com/questions/53808341/jira-cloud-rest-api-oauth-2-0-error-403-on-post-requests

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!