Hello,

We are facing a problem in some environments when trying to obtain a user's email.

Our app already has the ACCESS_EMAIL_ADDRESSES scope authorized by Atlassian.

In some environments, when trying to make this call:

restClient.authenticatedAsAddon()
        .getForEntity("/rest/api/3/user/email?accountId=" + userAccountId, Object.class)

  The logs show this:

: Generating JWT with canonical request: [CanonicalHttpUriComponentsRequest@4ea4b2b4 method = 'GET', relativePath = '/rest/api/3/user/email', parameterMap = '[accountId -> (HIDDEN_ACCOUNT_ID),]']

org.springframework.web.client.HttpClientErrorException$Forbidden: 403 Forbidden:

We also updated our atlassian-connect-spring-boot version to 2.2.0 version and atlassian-connect descriptor to comply with the latest security requirement, adding:

"apiMigrations": {
  "context-qsh": true,
  "signed-install": true
}

The curious thing is that the error does not happen in our test environments.

What could be happening here?