POST请求上的JIRA Cloud REST API(OAuth 2.0)错误403 [英] JIRA Cloud REST API (OAuth 2.0) Error 403 on POST Requests

问题描述

我正在尝试将我的React应用程序连接到Jira Cloud API，但似乎无法解决403错误.

I am trying to connect my React app to the Jira Cloud API and can't seem to get past a 403 error.

我的代码当前使用 OAuth 2.0 并返回令牌和cloudid.我可以使用它来获取问题，但是POST请求(例如创建问题)返回403.我发现此处，如果用户没有访问资源或运行方法的必要权限，则会返回此错误.

My code currently does a Auth dance using OAuth 2.0 and returns the token and cloudid. I can use this to GET issues, however POST request (like creating an issue) return with 403. I have found here that this error is returned if the user does not have the necessary permission to access the resource or run the method.

我已确保用户具有正确的范围([写入:jira-work，读取:jira-work])，并验证了它是否反映在用户帐户中(在其帐户>连接应用程序"标签中).

I have ensured the user has the correct scope ([write: jira-work, read: jira-work]) and verified this is reflected in the user account (in their account > connect apps tab).

我的应用程序未链接(通过ApplicationLink)或已安装(通过Apps，Manage Apps)，是否需要执行POST请求?

My app is not linked (via ApplicationLink) or installed (via Apps, Manage Apps), is this necessary to perform POST requests?

以下是我的代码示例:

fetch(`https://api.atlassian.com/ex/jira/${jira.cloudid}/rest/api/2/issue/`, {
    method: "POST",
    headers: {
        "Content-Type": 'application/json',
        "Authorization": `Bearer ${jira.token}`
    },
    body: JSON.stringify(data)
})
.then(...)

api 2或3均不适用于此POST请求.我已经探索过使用基本身份验证但是由于CORS错误，此操作失败.

Neither api version 2 or 3 are working for this POST request. I have explored using Basic Auth however this fails due to CORS errors.

我已经验证了POST请求确实可以在POSTMAN中工作(使用cloudid和token).

I have verified that the POST request does work in POSTMAN (using the cloudid and token).

-------------------------------------------- -------------------------------------------------- -----------------------------

更新

与Atlassian员工交谈后，他们的API安全性存在问题:

After talking to Atlassian Staff, there is an issue within their API security:

"通过尝试您提到的相同内容，我认为我发现了问题所在.您的请求可能会失败，并在浏览器中显示"XSRF检查失败". 我已经与我们的一位安全工程师进行了交谈，我们迅速研究了实现代码，以确认为何此方法不起作用以及需要在我们这方面进行哪些更改.我们也已经打开了一张工程票以解决此问题.这可能需要几个星期才能得到解决，但是如果我听到任何更新，我会及时通知您！"

"By trying the same thing you mentioned I think I found what the problem is. Your request likely fails with a ‘XSRF check failed’ in the browser. I’ve already talked to one of our security engineers and we quickly dived into the implementation code to confirm why this not working and what would need to be changed on our side. We’ve also already opened a engineering ticket to get this addressed. This will likely take a few weeks to get addressed, but I’ll keep you posted if I hear any updates!"

XSRF check failed是我的403响应的主要错误.我将发布收到的所有更新，并在找到解决方案时回答问题.

The XSRF check failed was the main error for my 403 response. I'll post any updates I receive and answer the question when a resolution is found.

推荐答案

显然已经解决了.请在此处关注讨论:

This has apparently been resolved. Follow the discussion here: https://community.developer.atlassian.com/t/jira-cloud-rest-api-oauth-2-0-error-403-on-post-requests/25621/4

这篇关于POST请求上的JIRA Cloud REST API(OAuth 2.0)错误403的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！