diff --git a/apps/docs/content/docs/en/integrations/atlassian-service-account.mdx b/apps/docs/content/docs/en/integrations/atlassian-service-account.mdx index 313fd5ceaf2..de38fe8a69a 100644 --- a/apps/docs/content/docs/en/integrations/atlassian-service-account.mdx +++ b/apps/docs/content/docs/en/integrations/atlassian-service-account.mdx @@ -64,13 +64,20 @@ The service account inherits permissions from the project/space roles you grant Select the scopes the token needs. The minimum set Sim's Jira and Confluence blocks expect is: - **Jira (granular):** + **Jira (classic):** ``` read:jira-user read:jira-work write:jira-work ``` + **Jira Service Management (classic):** + ``` + read:servicedesk-request + write:servicedesk-request + manage:servicedesk-customer + ``` + **Confluence (granular):** ``` read:confluence-content.all @@ -82,6 +89,10 @@ The service account inherits permissions from the project/space roles you grant Add more scopes only if you need the corresponding operations (delete, manage webhooks, etc.). The full list of scopes Sim's blocks may use is documented in [Atlassian's developer reference](https://developer.atlassian.com/cloud/jira/platform/scopes-for-oauth-2-3LO-and-forge-apps/). + + Prefer the classic scopes above over granular equivalents. Atlassian enforces an endpoint's granular scope list as all-or-nothing, so a token built from a partial granular set fails with `Unauthorized; scope does not match` even though each individual scope was granted. The classic scopes each cover their product's endpoints on their own. If your organization only permits granular scopes, include every scope listed for each endpoint in Atlassian's reference — Jira Service Management request operations also require `read:user:jira`. + +
= { 'read:me', 'offline_access', 'read:issue.vote:jira', + 'read:user:jira', 'delete:issue:jira', 'delete:comment:jira', 'delete:attachment:jira', 'delete:issue-worklog:jira', 'delete:issue-link:jira', - // Jira Service Management scopes + // Jira Service Management scopes. The classic scopes are required: Atlassian + // enforces an endpoint's granular scope set as all-of, and several JSM request + // endpoints include scopes outside this list in their granular sets. + 'read:servicedesk-request', + 'write:servicedesk-request', + 'manage:servicedesk-customer', 'read:servicedesk:jira-service-management', 'read:requesttype:jira-service-management', 'read:request:jira-service-management', diff --git a/apps/sim/lib/oauth/utils.ts b/apps/sim/lib/oauth/utils.ts index dfa959acac7..fbb475cfe51 100644 --- a/apps/sim/lib/oauth/utils.ts +++ b/apps/sim/lib/oauth/utils.ts @@ -168,6 +168,9 @@ export const SCOPE_DESCRIPTIONS: Record = { 'delete:issue-link:jira': 'Delete links between Jira issues', // Jira Service Management scopes + 'read:servicedesk-request': 'View service desk requests', + 'write:servicedesk-request': 'Create and update service desk requests', + 'manage:servicedesk-customer': 'Manage service desk customers and organizations', 'read:servicedesk:jira-service-management': 'View service desks and their settings', 'read:requesttype:jira-service-management': 'View request types available in service desks', 'read:request:jira-service-management': 'View customer requests in service desks',
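Review bot: The three descriptions added to `SCOPE_DESCRIPTIONS` read narrower than the classic scopes they label, and if this map feeds the consent or credential UI (not visible here), users would approve less than the token actually grants. The docs hunk in this same commit says each classic scope covers its product's endpoints on its own, so these strings should state that breadth. I would reword along the lines of `'write:servicedesk-request': 'Create and edit service desk requests, including comments, attachments, approvals and transitions',` and `'manage:servicedesk-customer': 'Create, manage and delete service desk customers and organizations',`, with the exact coverage confirmed against Atlassian's scope reference before merging. A short comment above the three entries noting that they are classic scopes kept alongside the granular `:jira-service-management` entries would also explain the near-duplicate "View … requests" lines. The object literal starts and ends outside this hunk.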