Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira access from Bitbucket ScriptRunner authorization error

Brian_Merrill
Brian_Merrill December 16, 2019

Hello I’m hoping someone can shed some light on this problem.  I’m trying to do a simple call from ScriptRunner on Bitbucket, running as a custom event handler during a pull request.  For now, I’m just trying to get the contents of a Jira issue to process but I keep getting authorization errors.

Our Bitbucket is configured to have an application link to Jira using local OAuth authentication in both directions.

I’ve shown the script portion below.  I’ve tried using various request factory with different results.  I’ve reviewed all the community responses I can find and none give me any more ideas besides passing credentials, which I believe it not supposed to be done anymore?

When I use createImpersonatingAuthenticatedRequestFactory or createAuthenticatedRequestFactory it will generate a "CredentialsRequiredException" with message "You do not have an authorized access token for the remote resource".  The same goes if I try just a normal createRequestFactory.  If I use the createNonImpersonatingAuthenticatedRequestFactory it does not generate an exception but returns a response code of 401 in the log.

String jiraTicket = "BTP-1" // test ticket on engdev Jira board BTP
def jiraLink = getJiraAppLink()

// note: createNonImpersonatingAuthenticatedRequestFactory does not cause
//      an exception but returns code 401
// createImpersonatingAuthenticatedRequestFactory causes an
//      exception (no authorized access token)
// createAuthenticatedRequestFactory causes an exception (no
//      authorized access token)
def requestFactory = jiraLink.createNonImpersonatingAuthenticatedRequestFactory()
requestFactory 
    .createRequest(Request.MethodType.GET, "rest/api/latest/issue/" +     
                   jiraTicket)
    .addHeader("Content-Type", "application/json")
    .execute([
       handle: { Response response ->
          if (response.isSuccessful()) {
            log.info("received successful response") 
            String responseString = response.getResponseBodyAsString()
            log.info(responseString)
          } else {
            log.info("Failed to get response from Jira: code " +                
                     response.getStatusCode())
            log.info("Text: " + response.getStatusText())
          }
    }] as ApplicationLinkResponseHandler<Void>
)

 

Answer
Watch
Like Be the first to like this
1488 views

1 answer

1 accepted

1 vote
Answer accepted
Robert Giddings _Adaptavist_
Robert Giddings _Adaptavist_
Community Champion
December 17, 2019

Hi Brian,

Thank you for your post.

Have you seen ScriptRunner for Bitbucket's documentation page on interacting with Jira via an AppLink?

The documentation can be found here: https://scriptrunner.adaptavist.com/latest/bitbucket/interacting-with-other-apps-via-applinks.html

Please let me know if this answers your questions?

Kind regards,

Robert Giddings,

Product Manager for ScriptRunner for Bitbucket.

View More Comments
Brian_Merrill
Brian_Merrill December 18, 2019

Hi Robert.  Thanks for the documentation reference.  I've tried that without success.  When I use that method I get the "You do not have an authorized access token for the remote resource" response.  I did note an interesting thing right below that where it fails in ThreeLeggedOAuthRequestFactoryImpl.  I've seen references to two-legged authorization but not three.

Our Bitbucket is linked to Jira as shown here.

2019-12-18 07_53_13-Window.png

I've tried the various request factories (NonImpersonating, Impersonating, Authenticated) and all fail.  I don't know if that's some issue with the way are authentication is being done.

I tried a custom REST endpoint in Jira and I can get that to work, at least with allowing anonymous users.

Like
Robert Giddings _Adaptavist_
Robert Giddings _Adaptavist_
Community Champion
December 20, 2019

Hi Brian,

Are you able to set your Outgoing and Incoming connections as "OAuth (impersonation)"?

This can be done, if you have the same users in both Bitbucket and Jira.

If you can set your connections to "OAuth (impersonation)", then I would follow exactly the code examples in either "Making Requests as the current User" or "Making Requests as another User" sections of the documentation to see that it works OK?

If your connections must remain as "OAuth" (i.e. because the users are different in Bitbucket and Jira), then I would follow exactly the code example in "Two-legged OAuth without impersonation" section of the documentation to see that it works OK?

Here is the reference to the documentation: https://scriptrunner.adaptavist.com/latest/bitbucket/interacting-with-other-apps-via-applinks.html

Kind regards,

Robert Giddings,

Product Manager for ScriptRunner for Bitbucket

Like
Brian_Merrill
Brian_Merrill December 23, 2019

Thank you, Robert.  Our environment has the connections as "OAuth" so I'll have to check with I.T. to find out if there is a reason they don't want to have it set to "OAuth (impersonation)".  As a test, I set our test environment connections that way and I was able to get the Jira ScriptRunner script to access data correctly when called from the Bitbucket ScriptRunner script.  I'll also test the two-legged OAuth without impersonation like you suggested in case I cannot get the connections changed.

 

Brian

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.