Forum Academy Marketplace Showcase Pricing Features

Trouble with Scopes in User-Agent Authorization

I’m trying to use the API Connector User Agent Authorization to allow users to authorize themselves with Atlassian (Jira).

I’ve set everything up as follows:

However, when I go to execute the Login/Signup Using a Social Login workflow, Jira is telling me no valid Scopes have been selected. See below…

But it should look like this:

Here is the oAuth Jira documentation:

Here is the list of Scopes:

Appreciate everyone’s help here.

In your App in your dev account in Atlassian, did you add permissions? they need to be added there first.

Hey @Jici, I’ve added them there first. Do the Scopes need to match exactly the ones listed in the Bubble API? I figure it doesn’t since it’ll use only the ones that are listed.

I feel like my mistake is on the Bubble side, since it’s redirecting me to the auth page, but not passing through the proper scopes.

Did you try to url encode them directly in API Connector?
Like: read%3Ajira-user%20read%3Ajira-work

Yah, just tried the following combinations:

  • read%3Ajira-user%20read%3Ajira-work
  • scope=read%3Ajira-user%20read%3Ajira-work
  • ?scope=read%3Ajira-user%20read%3Ajira-work

No luck unfortunately…

What I suggest is: Put the initial setting you have tried. Click on the button to login and copy the url here. It will be easier to inspect if there’s any error when bubble create the authorize url

This is the link I get

I see there’s problably some missing info like audience that is a requested parameter
Try to add ? at the authorize url

The url you post have consent not at the correct place and I don’t see any scope, but it’s not impossible that you get redirected. It may be more complex to debug

Yes, this is the URL I get before the redirect I sent you above.

For me it’s not working but if you try this

(just added audience)

You may see something different
However, this link may also be a redirected one because I don’t see the authorize url at first.
I have set the Jira API in the past but I don’t remember exactly how and I don’t have my example for it anymore

I see what you’re trying to do, and I’ll keep poking around to see if I can rebuild the link as it’s supposed to be. It feels super close. Appreciate your help.

Also, I’m in Quebec too :slight_smile:

1 Like

Parfait! I’m sure you are not far from getting it work :wink:

1 Like

I think I got it haha… you were right… add the below and it worked… testing now to see but unblocked for now. GROS MERCI!


@Jici quick follow up question, if you don’t mind :slight_smile:

The oAuth2.0 is working great, and using the Signup with Social Login workflow, I am able to successfully have the user complete the full trip.

The issue now is that my calls were setup using Basic Auth, which seems, is not recommended or supported by Atlassian for what I want to do. When I try to execute my call, I’m getting a 401 error.

As per the documentation, this is what the post request should look like:
curl --request POST
–url ‘
–user ‘[email protected]:<api_token>’
–header ‘Accept: application/json’
–header ‘Content-Type: application/json’ \

And this is within my bubble currently:

I believe the issue is that the " --user ‘[email protected]:<api_token>’ " is not in the bubble request. Would you have any ideas how to add it?

You want to use basic auth for this endpoint and not the oAuth2?
Did you create a new API (not just a new call. You need to separate the auth. Some API will not accept your call if you have two auth header)
Did you use the Basic auth in Bubble?

I would like to use oAuth2.
Currently, the authentication and the calls are all in one api. Should I separate them and set the Authentication field to None/Self-Handled?

If you use oAuth2, why do you try to use basic auth? I’m a little bit lost on what you are trying to do and the confusion between the two auth you want to use

Sorry for the confusion. I should not have mentioned the Basic Auth, as it was something that was done by someone else. According to the Jira documentation, they highly recommend oAuth2, and because I’m building an enterprise product, extra security is what I’ll need.

And right now, all the calls are within the oAuth2 api.

The first thing to check is if your authorization for API Connector is expired. Bubble doesn’t refresh the authorization for the API connector automatically. After the access token is expired, you will not be able to initialize call before you reauth in dev debug mode.

Second thing to check is to be sure the authorization scopes allow you to call the endpoint. In this case, user need to allow write:jira-work scope for this endpoint

Yah, I was able to approve it in debug mode, and get the token.

I also have write:ira-work in the URL.

It seems the problem is that the user token is not being passed along with the individual call to ‘create a ticket’ and therefore is failing because I’m unauthorized. I’m not sure how to pass along the valid token, from the oAuth, to the individual call. I think once I can figure that out, it’ll work.

You mentioned that the calls should be in a separate api? (They are in the same one now).

The other option I’m thinking is trying to add the query on ‘’ like '?code=<access_token>" but that hasn’t really paid off yet. Do both the user’s email and token need to be passed through to validate the oauth2? In that case maybe a ‘?email=&code=<access_token>’ does the trick. What do you think?