App requesting access permission from user when only .asApp() is used

Our internal forge app started to display the “Allow access” screen today asking for the users permission to access Atlassian products on their behalf.
The app however is only using api.asApp() calls in the backend and it was not required to allow the access in the past for the app to work.
No code or permissions were changed / redeployed and the issue was first noticed this morning.
Has there been any change concerning app permissions?

Thanks!

1 Like

Hey @ckater,

We have recently rolled out a change that discloses more information to users about what apps are doing. This means that users need to consent to the usage of more apps than before.

You can read more in our May 24 2021 changelog entry: https://developer.atlassian.com/platform/forge/changelog/#24-may-2021

1 Like

Hey @danielwinterw,

We closely monitor the changelog and noticed the (highly welcome!) egress permissions entry from the 24th, though the phrasing “Starting 14 July 2021” conveyed that we neither need to change anything right away, nor that there would be any impact on already deployed apps whatsoever?

Here’s how we would prefer a change like this to be rolled out ideally:

  1. If at all possible, changes to the permission handling on the platform side should not have any impact on currently deployed apps.
  2. In case 1 needs to be overruled for whatever reason, it would be great to have an upfront ‘deprecation’ style notice and/or process so that we could ideally prevent any impact by updating affected apps beforehand, or at least make support and engineering aware of and prepare for potential fallout.

Case in point, while not yet fully understood (and most likely multi-faceted), our first Forge app incident seemingly correlated with this change: The reset ‘Allow access’ grant flow worked in Jira, but always resulted in an error in Confluence, effectively causing an app outage.

Looking forward to your thoughts, Cheers,
Steffen

1 Like