Do Forge apps in dev environments really get all available OAuth 2.0 scopes?

I just noticed in the Forge permission docs (blue info box) it says:

Forge apps deployed in the development environment always receive all available OAuth 2.0 scopes

Is this is really true? This is new to me. It would mean any declared scopes are irrelevant until you deploy to staging or production and you can only really test scopes in staging or production environments.

I would appreciate it if anyone could help to clarify.

7 Likes

Hi @tbinna, thanks for bringing this up!
This doesn’t look right… an app deployed in the development environment does not get all available OAuth scopes by default. let me chase this one up.

3 Likes

I can confirm from testing that it is not true, as you will get the appropriate permission denial errors without the proper scopes. I was pretty confused by that line in the docs as well.

Hi, sorry about that, I have removed the statement from our docs.

2 Likes