How did you do it? I'm getting the same error even through OAuth.

@Albus Dumbledore , are you including the user_id parameter in requests? Also, are you using this same approval API? Have you successfully tested impersonating a user with a different API call? 

@Will Balson , we are trying to resolve the similar issue. Can you please provide me the details of authentication you did if it is from workato or Jira and steps to achieve this.

@Niharika Sarabu , at a high level, what we did was:

• Generate keys and set up Oauth app in Jira as described in Atlassian's Oauth documentation: https://developer.atlassian.com/server/jira/platform/oauth/
• Each time I want to call the ServiceDesk API for an approval, I first call a Python script I wrote which calculates the credentials from the keys
• When calling the Servicedesk API, those oauth credentials are passed in the approval request, along with the user_id parameter for the user

@Will Balson , Thanks for your response.

Can you share the script and also explain from where do you call the script, is it in workato or Jira?

Here is a rough version of our scrip - https://controlc.com/b672fbb4

Sorry for the 3rd party link, this community site rudely strips out all of my indentations when I try to paste

There are two components needed in Workato. First you need to configure Workato's on-prem agent to point to the script. You can learn more about that here: https://docs.workato.com/connectors/on-prem-command-line-scripts.html

The second piece is a recipe in Workato. I have a simple callable recipe (or "function" recipe), which takes as input the URL, method, body, data, and parameters. This recipe's only job is to take the URL, method, body, and data, pass it along to the script, and then spit out the credentials.

So from my approval recipe, for example, in one recipe step I'm calling that function recipe first to get the credentials, and then in the next recipe step I'm using those credentials to call ServiceDesk to perform the approval

Please carefully review the script and make sure you proofread, understand, and customize it before implementing in your environment!

Sure!! Thanks for the details & script.

Hello @Will Balson ,

Can you please share anonymized call you perform for the "get credentials" step?

I am a bit confused because can guess only part of arguments passed here )

url = sys.argv[2]
method = sys.argv[1]
data = sys.argv[3]
params = ast.literal_eval(sys.argv[4])

I suspect URL stands for one of following URLs:

request_token_url = 'http://localhost:8090/jira/plugins/servlet/oauth/request-token'
access_token_url = 'http://localhost:8090/jira/plugins/servlet/oauth/access-token'
authorize_url = 'http://localhost:8090/jira/plugins/servlet/oauth/authorize'

method - POST?

And data with params left me without options to guess :)

Any information will be appreciated,

Thank you.

Sure thing Oleg!

URL - The script is providing Oauth credentials for an API call, so this is the API endpoint that needs to be called. So it will be something like https://jira.your-company.com/rest/api/2/whatever

Method - yep, this is GET, or POST, or DELETE, or PUT. Whatever the appropriate one is based on the method and what needs to be done

Data - often, this will be empty, if the API call is simply a GET for an issue. If you are dealing with Editing an issue, this will be a JSON of which fields are being updated. If you are adding a comment, it will be a JSON of the text you'd like to add as a comment.

Params - special options which control how the API call works. If the Application Link in your Jira is configured to "Allow user impersonation through 2-Legged OAuth" in the "incoming authentication" section, this is where you will specify user_id to perform that action on behalf of a user. If the API endpoint is search, I believe this is where you can specify which fields are returned, how many issues are returned, etc.

Below is an example of what it looks like when my bot is approving a ServiceDesk ticket on behalf of a user

{

data: {"decision": "approve"},

method: POST,

params: {'user_id': 'john'},

url: https://servicedesk.companyname.net/rest/servicedeskapi/request/IT-128291/approval/53485

  }

Happy to provide anything else if that's still not clear!

The documentation for the parameters and data body structures for each API call for Jira are here (for jira version 8.20) - https://docs.atlassian.com/software/jira/docs/api/REST/8.20.12/#api/2/issue-editIssue