App requesting access permission from user when only .asApp() is used

Hey @danielwinterw,

We closely monitor the changelog and noticed the (highly welcome!) egress permissions entry from the 24th, though the phrasing “Starting 14 July 2021” conveyed that we neither need to change anything right away, nor that there would be any impact on already deployed apps whatsoever?

Here’s how we would prefer a change like this to be rolled out ideally:

  1. If at all possible, changes to the permission handling on the platform side should not have any impact on currently deployed apps.
  2. In case 1 needs to be overruled for whatever reason, it would be great to have an upfront ‘deprecation’ style notice and/or process so that we could ideally prevent any impact by updating affected apps beforehand, or at least make support and engineering aware of and prepare for potential fallout.

Case in point, while not yet fully understood (and most likely multi-faceted), our first Forge app incident seemingly correlated with this change: The reset ‘Allow access’ grant flow worked in Jira, but always resulted in an error in Confluence, effectively causing an app outage.

Looking forward to your thoughts, Cheers,
Steffen

2 Likes