jobs endpoint returning 403 saying it requires some admin.object_export oauth scope

English Forum Developers & API
1

Hey Devs,

I’m trying to poll /jobs endpoint to ensure a new project is successfully created before moving onto other project related actions. Within Asana Developer, I’ve given my app full permissions related to Portfolios, Projects, Templates, and Workspaces.

I’ve been able to successfully call the following endpoints:

  • /project_templates
  • /projects
  • /users
  • /instantiateProject
  • /portfolios

I’ve ensured I’ve provided the same scope when instantiating my Asana OAuth client.

However, when trying to poll it fails related to admin scope.

Code: 403.
Response: {
  "errors": [
    {
      "message": "One of the following scopes must be present to use this endpoint: admin.object_exports. Alternatively, you can request full permissions."
      "help": "For more information on API status codes and how to handle them, read the docs on errors: https://developers.asana.com/docs/errors"
}]}"

Here is the relevant code.

    const url = `https://app.asana.com/api/1.0/jobs/${jobGid}`;
    const response = UrlFetchApp.fetch(url, {
      method: 'get',
      headers: { Authorization: `Bearer ${asanaService.getAccessToken()}` },
      muteHttpExceptions: true
    });

    const responseCode = response.getResponseCode();
    const responseText = response.getContentText();

    if (responseCode !== 200) {
      throw new Error(`ASANA_JOB_POLL_ERROR: Failed to poll job. Code: ${responseCode}. Response: ${responseText}`);
    }

After any changes to oauth scope, I always clear and fetch a new auth token.

Any help or advice to troubleshoot this would be very welcome!

Thanks everyone :heart:

2

Hi @Ben_Lublin , and welcome to the Asana Forum!

I was able to reproduce this issue, so it looks like your app configuration is correct. At the moment, our team is still actively developing OAuth scopes, and some of them aren’t fully surfaced yet. In your case, however, the scope itself appears to be available, but it’s not listed in the Developer Console.

This doesn’t seem to be expected behavior, so I’ll raise it with the appropriate internal team for investigation. In the meantime, as a workaround, you can select the default scope (“Full permissions” in the Developer Console), which will grant your app access to all resources.

Sorry for the inconvenience. I’ll keep you posted and follow up as soon as I have an update from the team.

Thanks,
Dominik

3

Hey @dbrdak

Thanks for taking the time to look into this. I appreciate you validating the issue and passing it onto the appropriate backend team. Looking forward to hearing when this has been addressed.

Best wishes,

Ben

4

Hi @Ben_Lublin!

I’m happy to share that our team has resolved this issue by introducing a new jobs:read scope. You can now find it in the Developer Console and include it in your OAuth apps as needed.

image

Thanks so much for bringing this to our attention, we really appreciate the feedback!

Best,
Dominik

5

Hey Dominik,

Just ran a test against the endpoint and was able to easily poll until the job was finished! Thank you, and please thank the team as well. This makes it so much better to interact with projects that have finished setting up, rather than putting in arbitrary wait times.

Have a wonderful rest of your week,

-Ben

6

Thank you for the feedback @Ben_Lublin! Have a great rest of your week!