Better understanding of the permission system


I am developing a Jira app using Forge that is using the projectPage module. I had to set different permissions because I am reading the Jira Tasks and also modifying them from within the app. I’ve noticed that after I modified the permissions the user has to accept them. I have to mention that I’ve never deployed my app to production yet. So far, I’ve only seen the “Accept permission screen” in dev.

However, I’ve installed other apps from the Marketplace and I have not seen this behaviour. For example, I’ve installed the app Agile User Story Map & Product Roadmap for Jira from DevSamurai and it never asked me to accept any permission.

Am I doing something wrong? Are the permissions only for certain types of apps?

Yes. Forge Apps handle authorization differently than Connect Apps. The App you cited is a Connect App, which only asks about coarse-grained permissions once during install. With coarse-grained scopes, the need to change scopes is also much less frequent.

Thanks for the answer! I am trying to understand why the permissions are handled differently. From what I’ve understood from the documentation, with both Forge and Connect apps you can modify the same things from the user’s projects.

Also, as feedback, I would suggest including this information in the comparison table that is presented here.


The difference in authorization flows does not change the fact that both Forge and Connect “can modify the same things from the user’s projects.” That’s still true, even if install/authorization flows are different. Forge builds on top of OAuth 2.0 scopes, with auth handled automatically in the Forge runtime. Meanwhile, Connect has its own set of scopes, requiring apps to authenticate with standard and custom JWT claims.

Your feedback on the docs seems reasonable. The best way to get action on that, or any similar problems you find in the docs, is to rate and comment on the page.