"Allow access" consent shown for every user

It seems like the “Allow access” button is shown for every user, even if asUser() from @forge/api isn’t even called in a function - as soon as a single scope is being used in the manifest (e.g. read:jira-work).

This is having a big negative UX impact for our new Forge app which we were just about to release. We also regularly get frozen browser windows (for 2 different users on 2 different OS’s) when hitting “Allow access”. We’re seriously considering to not release our app until this has been fixed.

Is there anything we can do to prevent having to get user consent first? Is the browser freezing issue known?

2 Likes

Hi @ben2

Frozen browser windows are definitely a new problem. Is there a way your users could screenshot or record a video? Also, what’s the URL when a browser is frozen? Is it the OAuth2 consent screen (where users consent to provide access to the app to their data)?

Regarding asUser(): it is not great indeed. From my experience, you can avoid showing the “Allow access” button if your app function doesn’t call asUser(). As an example, some time ago we published a sample app on Marketplace (source code) which had the same problem. What we discovered is that for some users asApp() could work fine but for others, it didn’t (platform restrictions - some Confluence pages are private and asApp() didn’t work). I changed the code to call asApp() first and asUser() if the first call doesn’t succeed.

It doesn’t necessarily mean that it will work for your case. But I just wanted to share the idea that Forge runtime’s logic is pretty much like it: if “Allow access” is displayed, there’s a very high chance that asUser() was used somewhere in your code.

Lastly, could you please create an issue in Forge - Issues - Ecosystem Jira? This could help engineers and product managers prioritise the issue.

Hello @Dmitrii,
Thanks a lot for your insights. Please note that we’re not calling asUser() at all - it is not present in our entire codebase. We can even reproduce it without calling asUser() or asApp().

I have opened FRGE-514 for the frozen browser after consent and FRGE-515 for the consent issue without calling asUser().

Please let me know if you have any other insights, as this is blocking us from releasing our app to the Marketplace. Thanks!

1 Like