@April Chi ,
I would appreciate getting some insights on when you guys plan to make it possible to use Teams Public APIs and especially the Teams Members Public API with Forge Apps so that these APIs worked as the rest of Jira APIs without a need for an app that needs these API to loose "Runs on Atlassian" status/badge.
As the documentation for the APis says, "Forge and OAuth2 apps cannot access this REST resource."
There are multiple use cases when Forge Apps need to work with Teams and Team Members, like capacity management, preliminary/high-level projects planning (e.g, at the portfolio level) with assigning teams and then specifying a member of the team at the moment the project is selected for execution, calculations of load in a project or epic by team and by a specific team member, and many more valuable use-cases.
I know that there is a workaround with using GraphQL for the Teams API, as described in this post., and the GraphQL approach does work for me for just the team information.
However, same as described in the post above, when I try to get the member id (atlassian accountId), e.g, using this query below, there is a scope error:
query getTeams ($organizationId: ID!, $siteId: String!, $first: Int, $after: String) {
team {
teamSearchV2(
organizationId: $organizationId
siteId: $siteId
first: $first
after: $after
) {
nodes {
memberCount
team {
id
displayName
description
state
membershipSettings
members {
nodes {
state
role
member {
id
}
}
}
}
}
pageInfo {
hasNextPage
endCursor
}
}
}
}
There is the following error:
{
errors: [
{
message: 'This request does not contain the right authorisation scopes to access this field',
locations: [],
path: [
'team',
'teamSearchV2',
'nodes',
'team',
'members',
'nodes',
'member'
],
extensions: [
requiredScopes: [ 'identity:atlassian-external' ],
providedScopes: [
'manage:jira-project',
'read:issue:jira-software',
'read:jira-work',
'storage:app',
'view:membership:teams',
'read:project:jira',
'read:jira-user',
'manage:jira-configuration',
'read:issue-details:jira',
'view:team:teams',
'read:jql:jira',
'read:epic:jira-software',
'read:sprint:jira-software',
'write:jira-work',
'write:sprint:jira-software',
'read:board-scope:jira-software'
],
errorSource: 'GRAPHQL_GATEWAY',
statusCode: 403,
agg: { severity: 'NORMAL', ugcPiiSafe: true },
classification: 'InsufficientOAuthScopes'
]
}
],
data: { team: { teamSearchV2: [Object] } },
extensions: {
gateway: {
request_id: '17b821eb-4816-40a6-8a4c-e603d00b1ea3',
trace_id: '66f467e03fc04a468650a697fd26fee0',
crossRegion: false,
edgeCrossRegion: false
}
}
}
This problem prevents in particual our app from releasing the next functionality requested by our customers. The new functionality needs these APIs to be available.
The only workaround I found at the moment is VERY bad, resulting in the app losing "Runs on Atlasian" status. The workaround adds Jira API as an external remote, e.g. this way:
permissions:
external:
fetch:
backend:
- remote: jira-api-backend
remotes:
- key: jira-api-backend
baseUrl: "https://api.atlassian.com"
operations:
- fetch
and asks the user for the API token, allowing the app to make calls to the REST API using the Basic authentication header. This is the only way I can get the Membership info in a Forge app at the moment.
As you can see in the post I referenced above, there are multiple people who are facing the same issue.
I also believe there is a ticket that is probably related, though it has fewer details:
https://jira.atlassian.com/browse/JRACLOUD-92072
I would really appreciate it if you could share some information if you guys have already planned any work to have this resolved, any ETA, maybe any workarounds I was not able to find (I spent over 3 full days searching all possible places and solutions that are available).
Thank you!
