Edit Scopes Page Suggestions Since Scope Update


Since the update to the permission scopes from 10 to 250 of them (At least in the Jira API) picking scopes has become very cumbersome. I think both of these would make for a much nicer experience:

  1. Turn off the close on outside click for the edit scopes modal. I’ve lost a ton of time trying to setup an app with 30 scopes only to accidentally click outside the modal and have it instantly close without saving anything. Or at least an “Are you sure?” popup.

  2. Add the ability to upload a comma separated list of scopes to request if we have them instead of needing to go through the whole list searching for them one by one and checking the box.

I’m not sure if this is the right place for suggestions but I didn’t see anywhere else that was developer focused and not just Marketplace so if this is the wrong place I’m sorry :slightly_smiling_face: and let me know where this would best fit!



Some related suggestions: Action required: Update scopes for Forge and OAuth 2.0 (3LO) apps - #43 by tbinna

The exact same thing as highlighted in 1 happened to us as well. Since then we click ‘save’ each time we tick a permission.

Regarding 2, absolutely agree. If you have multiple apps and you need to manage scopes for all of them it’s really painful.

Alternatively, instead of selecting individual permissions, it would be much easier to select the API endpoint that you would like to use. Required permissions can then be inferred from that.

1 Like


To expand our understanding on how developers use the OAuth apps, could you elaborate on your reason for having multiple of them that have the same scopes?

@ibuchanan I am not sure about @tbinna but we use them for different environments. So we have an app for postman testing, local testing, dev, and prod.

We keep them separate in case we need to change scopes during development so we don’t invalidate the grants associated with the other apps and interrupt production or other testing in other environments.

1 Like

Hey @ibuchanan, yes sure, it’s basically for the same reason that Alex highlighted. We have multiple apps for different environments. One for development, testing, staging, and production. I am not sure if we would be able to register multiple callback URL options for the same app (this is not clear from the UI). But I think even if we could, having multiple apps gives us maximum flexibility to roll out changes to the OAuth app configuration when they are deployed to the respective environments. Hope that makes sense.


I am not sure if we would be able to register multiple callback URL options for the same app (this is not clear from the UI).

No, you cannot. This does force the pattern of environment-based apps you and Alex described. Thanks for the context.

1 Like

@tbinna @AlexHofer as you would have seen we have paused the granular scopes rollout and stopped deprecation of classic scopes. This gives us the time to re-evaluate our granular scope approach. I was wondering if you would be willing to be contacted for feedback once we have a few options to evaluate. We want to make sure we are getting it right next time and your input would be greatly appreciated


Hey Julia!

I would be happy to provide feedback for those options. :slightly_smiling_face:

Thank you!

1 Like

Hey Julia, yes, please do include us in any feedback sessions. I would be happy to participate.

1 Like