Forge: Consent screen doesn't show again after changing scopes


I have a simple app running some webtriggers, bylines and an admin page, and I recently needed to add a scope.

I did all the works (forge deploy, forge install --upgrade) etc, but I can’t get the consent approval screen to appear again. Result is that the newly built functionality doesn’t work because of lack of permission.

Even installing this plugin with my user on an entirely new instance doesn’t ask for consent.

Anyone found a solution for this? I can’t execute the functionality, because no permission, but there’s no way to grant the permission.

What am I doing wrong?

Are you sure the “functionality doesn’t work because of lack of permission”, even on an entirely new instance? The explicit user consent flow has recently been removed in favor of Simplified user consent for Forge (after an opt-in preview period), so it isn’t surprising that you don’t see it anymore:

We’ve changed the consent model for Forge so that individual users no longer need to grant consent in most cases.

This includes when they interact with an app for the first time and after major version changes.

As part of the GA release:

  • New Forge apps will automatically adopt the simplified user consent flow.

  • Existing apps will adopt the new flow after their next deployment and it will be minor version update. You don’t need to make any change to your code.

Of course, it is supposed to automatically grant all scopes once the administrator has installed an app, so anything else would be a major bug.

Thanks Steffen for helping find a solution!

I understood the new functionality as being that only an admin should approve the data access, when installing the app. If, with an update, the app asks for additional scopes, the admin would need to press the button to update manually, and then get the consent screen to approve again. I seem to remember this happening with a marketplace forge app we have installed on our instance.

Unfortunately, for my app, none of this is happening, and if I check the developer console, I can see that I get a 401 error when calling the endpoint where I needed the extra scope for.

    "message":"Unauthorized; scope does not match",

so I’m guessing I’m missing a consent form for the admin to approve the scope change. Or would there be another reason for this specific error message?

1 Like

Hey Joachim,

That does sound like you’re doing everything correctly. Running the forge install --upgrade should upgrade the version of your app to the one with the new scopes (i.e. simulating the admin doing the upgrade). It’s especially strange that it’s still not working on a fresh installation on a new site.

Can you please log a ticket so we can get some more details off you to follow this up?


1 Like

Ok, my mistake. I’ve checked my code and apparently I had a typo in my endpoint, causing me to call a non-existent endpoint. Because I was getting a 401 - scope does not match, I was looking into the permissions, while if I had gotten a 404, I would be triggered to search for an error in my code.

1 Like