Our internal forge app started to display the “Allow access” screen today asking for the users permission to access Atlassian products on their behalf.
The app however is only using api.asApp() calls in the backend and it was not required to allow the access in the past for the app to work.
No code or permissions were changed / redeployed and the issue was first noticed this morning.
Has there been any change concerning app permissions?
Thanks!
Hey @ckater,
We have recently rolled out a change that discloses more information to users about what apps are doing. This means that users need to consent to the usage of more apps than before.
You can read more in our May 24 2021 changelog entry: https://developer.atlassian.com/platform/forge/changelog/#24-may-2021
Hey @danielwinterw,
We closely monitor the changelog and noticed the (highly welcome!) egress permissions entry from the 24th, though the phrasing “Starting 14 July 2021” conveyed that we neither need to change anything right away, nor that there would be any impact on already deployed apps whatsoever?
Here’s how we would prefer a change like this to be rolled out ideally:
Case in point, while not yet fully understood (and most likely multi-faceted), our first Forge app incident seemingly correlated with this change: The reset ‘Allow access’ grant flow worked in Jira, but always resulted in an error in Confluence, effectively causing an app outage.
Looking forward to your thoughts, Cheers,
Steffen