Our team are migrating from ACE’s shared-secret-dependent JWTs to Forge’s apiBaseUrl + appToken method of creating valid requests from our Forge remote back to the host product. We have run into a problem using the app properties API in our Forge remote using Forge app/user tokens.
We currently use connect app properties in our apps to conditionally render UI modules. Historically, we’ve used the ACE http client to perform CRUD operations on these properties. With the Forge auth we’re unable to invoke this endpoint without getting this error: {"code":401,"message":"Unauthorized; scope does not match"}.
The app properties docs say “Additionally, Forge apps can access Connect app properties (stored against the same app.connect.key).”, and our connect key matches the historic connect key. And the required OAuth 2.0 scope write:app-data:confluence is in the manifest (along with read). However, using the app token (or a user token) to perform any CRUD operation on this endpoint will always fail.
Are we making the correct assumption that we should be able to invoke this endpoint from our remote using Forge credentials? If not, what is the suggested pathway for apps with existing connect app properties which are being used to conditionally enable connect/forge modules during migration.
Thanks