UserPicker empty in UI Kit 2, HTTP 403 in console

I have a Forge UI Kit 2 UserPicker that works for me in my dev site but doesn’t populate on my friend’s site. What we see on his site is that clicking it shows its loading spinner for a fraction of a second, then the spinner disappears but no users are shown.

On his site I notice that every time I click it a HTTP 403 appears in the JS console for POST https://cuffeco.atlassian.net/gateway/api/v1/recommendations. This does not happen on my dev site.

The UserPicker is very simple:

      <UserPicker
        label="Whose tasks would you like to view?"
        name='user'
      />

The app already had the read:jira-work permission and I added read:jira-user but that didn’t change the result.

Am I doing something wrong here, or is this a bug? What can I do to get the UserPicker working?

Hi @PeterBrownlow1,

Which extension point is this app installed in? Also you may need to reconfigure the project permissions on your friend’s site - see this page about permissions - where they need to grant you permissions to a (multi-)user/group picker custom field.

Let me know if that doesn’t work and I will try and replicate your case.

Cheers,
Yuwei

Hi Yuwei,

The app is installed onto 2 extension points: jira:globalPage and jira:dashboardGadget. I see the same behaviour in both places.

Unfortunately when I click the link to the page about permissions I get redirected to Atlassian Documentation | Atlassian Support | Atlassian Documentation . I’m guessing that either it doesn’t exist anymore or, ironically, I lack permission to view it.

-Peter

@YuweiShen any update?

Hi @PeterBrownlow1,

Apologies for the late reply. I’ll be looking into this now and will update you once I have any information.

Cheers,
Camelia

Hi @PeterBrownlow1,

Apologies, didn’t see the reply until the tag. I think the link I sent is outdated, will try and recreate this case in the extension points.

Cheers,
Yuwei

Hi @PeterBrownlow1,

Apologies for the delay. I am having trouble reproducing this problem.

Would you be able to send over the following information from your friend’s Forge app?

• manifest.yml file, please feel free to redact all sensitive information, I just want to see the extension properties used
• package.json file, I want to see what packages are being used and their versions

Thank you for your patience and looking forward to your reply.

Cheers,
Camelia

@CameliaGao here you go:

manifest.yml:

modules:
  jira:globalPage:
    - key: app-global-page
      resource: main
      resolver:
        function: resolver
      render: native
      title: App
  jira:dashboardGadget:
    - key: app-dashboard-gadget
      resource: main
      resolver:
        function: resolver
      render: native
      title: App
      description: blah blah blah
  function:
    - key: resolver
      handler: index.handler
resources:
  - key: main
    path: src/frontend/index.jsx
app:
  id: ari:cloud:ecosystem::app/0063cb80-a8b0-4cfa-bd19-fdf6b40acc6d
  licensing:
    enabled: false # true for marketplace distribution, false for installation by sharing a link
permissions:
  scopes:
    - read:jira-work # list issues
    - read:jira-user # user picker? possibly unnecessary

package.json:

{
  "name": "jira-global-page-ui-kit-2",
  "version": "1.0.18",
  "main": "index.js",
  "license": "MIT",
  "private": true,
  "scripts": {
    "lint": "./node_modules/.bin/eslint src/**/*"
  },
  "devDependencies": {
    "eslint": "^8.55.0",
    "eslint-plugin-react-hooks": "^4.6.0"
  },
  "dependencies": {
    "@forge/bridge": "3.2.0",
    "@forge/react": "9.1.2",
    "@forge/resolver": "1.5.25",
    "react": "^18.2.0"
  }
}

Hi @PeterBrownlow1 thank you for providing all of the data.

As you have mentioned in your initial post, the UserPicker isn’t loading because the /gateway/api/v1/recommendations API is erroring out.

I was trying to see if the version of the @forge/react package installed in the app contained a broken UserPicker component, but I’ve tested that version out and it’s been working fine for me.

My UserPicker works fine even without the Jira permission scopes in the manifest.yml file.

I have pinged the team that owns the /gateway/api/v1/recommendations API endpoint and asked them if there’s any reason why it would be failing for your friend’s site, but in the meantime, would you be able to confirm and provide the following information?

• Is this problem still happening? I believe the API endpoint had some problems around the time this request was made, so wanted to make sure that it hasn’t already been fixed
• Would you be able to provide a traceId and response body? this can be obtained by:
  • Opening up the web console and going to the Network tab
  • Go to the Jira page that contains the app with the broken UserPicker
  • Click into the UserPicker so that it tries to load users
  • Filter the network request by /gateway/api/v1/recommendations
  • Within the Response Headers tab there should be a X-Trace-Id property, send me this ID
  • Now go to the Response tab and send me the response

Please feel free to send all of this information through a PM if you’re uncomfortable sharing this in an open forum.

Thank you for your patience!

Cheers,
Camelia

Hi @CameliaGao ,

That’s consistent with what I’ve been seeing - when I make my own Forge app and install it on my site, through the Forge CLI, the UserPicker works fine. It’s when I install it on the different site through the installation URL that we see the errors.

The problem is indeed still happening. I just retested.

x-trace-id: e747f3feae774ee4afb5768b186372da

Response body:

{
  "message": "The requesting user does not have permission to perform this action",
  "status": "FORBIDDEN",
  "statusCode": 403
}

-Peter

Hi @PeterBrownlow1 ,

The team responsible for this endpoint traced this error down, and we believe it’s the Browse User Permissions setting causing this. Could you follow this page - Unable to Browse for Users and Groups | Jira | Atlassian Documentation - and see if that works for you?

Thanks for your patience once again!

Cheers,
Yuwei

Success! Thankyou! It turns out that somehow permissions on this instance got into a mess and nobody has the Browse users and groups permission. When I granted it I was able to view users in the UserPicker.

However, that revealed a second unexpected problem: this UserPicker shows only a single user at a time, not a list. I was able to find users by typing the first few characters of their names. I checked a UserPicker on a different site and that one showed a longer list.

Here’s a screenshot of the UserPicker showing only a single user:

Hi PeterBrownlow1,

Good to hear that it fixed the initial problem! Very interesting, I’ll check with the team that’s responsible for this. Wondering if you could check the network tab in developer console and see if there are any errors (following Camelia’s instructions a few replies above)?

Cheers,
Yuwei

Hi @YuweiShen ,
Sorry for the very slow reply! There were no errors in the JS console, just the failed request as in my initial post.
-Peter

Apologies for the delayed response as well, I was not able to replicate this issue on my setup. Can I confirm that this is still happening? Also wondering if this happens on a specific browser

Many thanks,
Yuwei

I can still trigger it. The key is to have an admin take away the users & groups permission from your user.
It’s a niche issue, but realistically sometimes people are going to mess with the settings in ways that they shouldn’t, and may not even remember what they did. That’s what happened on the site where I encountered this.

I tested on Chrome, Firefox and Edge before I originally reported the bug.