I am trying to get the list of users who have access to a project using this Forge API. I have given the scope as account:read. I tried it using Postman and also from ASP.NET Core backend which I am developing. In both cases I get the same error:

{
    "status": 403,
    "type": "",
    "id": "80757c600ab0de6c",
    "title": "Forbidden",
    "detail": "The 3 legged access token does not have access"
}

Is there anything that I need to change in BIM 360 so that I can resolve this error? This is my backend code (BASE URL):


        [HttpPost]
        [Route("api/forge/bim360/projectusers")]
        public async Task<dynamic> GetProjectUsersAsync([FromQuery] string projectId, [FromQuery] string userId)
        {
            // CheckToken() is the app's own helper; per the error above it returns a 3-legged token
            dynamic access_token = await CheckToken();

            RestClient client = new RestClient(BASE_URL);
            RestRequest request = new RestRequest("/bim360/admin/v1/projects/{project_id}/users", RestSharp.Method.GET);
            request.AddParameter("project_id", projectId, ParameterType.UrlSegment);
            request.AddHeader("Authorization", "Bearer " + access_token);
            request.AddHeader("User-Id", userId);

            try
            {
                IRestResponse issueTypesResponse = await client.ExecuteGetTaskAsync(request);

                // Pass a Forge error (such as the 403 above) through instead of reporting success
                if ((int)issueTypesResponse.StatusCode >= 400)
                {
                    return StatusCode((int)issueTypesResponse.StatusCode, issueTypesResponse.Content);
                }

                dynamic users = JObject.Parse(issueTypesResponse.Content);

                return Ok("Found Users");
            }
            catch (Exception ex)
            {
                //TODO Add real logger
                // Dispose the writer even if the write fails
                using (StreamWriter st = new StreamWriter(@"Logg/logg.txt", true))
                {
                    st.Write(ex.Message);
                }
                return StatusCode(500);
            }
        }

Any help appreciated.

2 Answers

Just tried your code here and it works just fine. The error message states that the user on 3LO doesn't have permission to access the project users. Please note that this endpoint works with 3LO or 2LO (with or without User-id). If you change to a user with permission or 2LO you should be able to access the project users. When using 3LO, permission is granted by the user that acquired the token (User-id header is ignored).

João Martins
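
The 2-legged alternative mentioned in the answer above, as an added example that is not part of the original posts: it requests a client-credentials token carrying only the account:read scope and calls the same project users endpoint, sending User-Id only when one is supplied. The host, the `/authentication/v1/authenticate` token path, the class name `ProjectUsersClient` and the use of HttpClient instead of RestSharp are assumptions that do not come from this page.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq;

public sealed class ProjectUsersClient // hypothetical name, not from the page
{
    // Assumptions: the host and the 2-legged token path are not stated on the page;
    // adjust them to the OAuth version your Forge app is registered for.
    private const string BaseUrl = "https://developer.api.autodesk.com";
    private const string TokenPath = "/authentication/v1/authenticate";
    private readonly HttpClient _http = new HttpClient { BaseAddress = new Uri(BaseUrl) };

    // 2-legged (client credentials) token limited to the single scope this call needs.
    public async Task<string> GetTwoLeggedTokenAsync(string clientId, string clientSecret)
    {
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["client_id"] = clientId,
            ["client_secret"] = clientSecret,
            ["grant_type"] = "client_credentials",
            ["scope"] = "account:read"
        });
        using (HttpResponseMessage resp = await _http.PostAsync(TokenPath, form))
        {
            resp.EnsureSuccessStatusCode();
            return (string)JObject.Parse(await resp.Content.ReadAsStringAsync())["access_token"];
        }
    }

    // With a 2-legged token the User-Id header is optional, so it is sent only when given.
    public async Task<JToken> GetProjectUsersAsync(string token, string projectId, string userId = null)
    {
        var req = new HttpRequestMessage(HttpMethod.Get,
            $"/bim360/admin/v1/projects/{Uri.EscapeDataString(projectId)}/users");
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        if (!string.IsNullOrEmpty(userId)) req.Headers.Add("User-Id", userId);

        using (HttpResponseMessage resp = await _http.SendAsync(req))
        {
            string body = await resp.Content.ReadAsStringAsync();
            // Surface the Forge error body (status, title, detail) instead of hiding it.
            if (!resp.IsSuccessStatusCode)
                throw new HttpRequestException($"Forge returned {(int)resp.StatusCode}: {body}");
            return JToken.Parse(body);
        }
    }
}
```

Keep the client secret in server-side configuration only; a 2-legged token acts as the app rather than as a signed-in user, so it should never be handed to the browser.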
Worked on it for some time and figured it out. It has to do with the way the Forge App is set up. The access token that we retrieve can't access user details.