Major new app revision with base URL change

The docs about the app descriptor have this to say about the apiVersion field:

The intention behind the API version is to allow vendors the ability to beta test a major revision to their Connect app as a private version, and have a seamless transition for those beta customers (and existing customers) once the major revision is launched.
Vendors can accomplish this by listing a new private version of their app, with a new descriptor hosted at a new URL.
They use the Atlassian Marketplace’s access token facilities to share this version with customers (or for internal use). When this version is ready to be taken live, it can be transitioned from private to public, and all customers will be seamlessly updated.
It’s important to note that this approach allows vendors to create new versions manually, despite the fact that in the common case, the versions are automatically created. This has a few benefits-- for example, it gives vendors the ability to change their descriptor URL if they need to (the descriptor URL will be immutable for existing versions)

This sounds much like what we want to do.

There is one potential catch, however. Not only is our descriptor URL different, the base URL of the new revision is, too. And further up on that documentation page it says:

Once the app is installed in a product, the app’s baseUrl cannot be changed without first uninstalling the app. This is important; choose your baseUrl wisely before making your app public.

My questions:

  1. Is uninstalling the app necessary, even in the scenario outlined above (new descriptor URL, incremented API version, admin approval, …)?
  2. If uninstalling the app is necessary, how will the Confluence instances handle this? (Is there a message in UPM? Will the update just not show? Will it fail silently?)
2 Likes

Not sure about the API version, but we switch the base URL between releases.
For example: app-server-1.mydomain.com for the current release, and next release might be app-server2.mydomain.com.

We can host the next release of the app whoever app-server2 is, put the new version in the marketplace as private, and share that with customers (for private beta) as needed.
Then, during release, we mark it public, and since it represents a new version, the private beta clients simply use the new version already, and everyone else gets upgraded to the new descriptor at the new url.

As far as we can tell, no uninstall necessary, and unless there is a scope change, no admin intervention necessary either.

4 Likes

Is anyone from Atlassian able to confirm that no uninstall is required when changing the baseUrl of the descriptor?

Example: lets say we have https://example.com/atlassian-connect.json as our descriptor URL and we manually create a new version of the app in marketplace and specify a new baseUrl https://example-new.com/atlassian-connect.json and that is the only change (no scope changes etc).
Will customers be required to uninstall and reinstall? Will customers be upgraded automatically or do they have to take a manual step?

2 Likes

Also looking forward to confirmation from ATL, and (if needed) updated documentation.

I think that the documentation should be changed to provide more clarity on this point.

We have since gone through with the update that occasioned me to ask this question, and, in our case at least, the customers did not have to uninstall the app. The update was completely seamless.

1 Like

@nmansilla, @rwhitbeck are you able to find out about this for us?

1 Like

We changed the baseURL on both our Confluence and Jira plugins, that’s over 20k combined installs, it worked fine.

What it might be is if you are stored some authenication state on a server, that becomes invalid, but our plugin is stateless, so we couldn’t confirm that.

It seems the new security requirements forbid changing the baseUrl: https://community.developer.atlassian.com/uploads/short-url/yGxkelOOhMw2n05u9rrmTO9D2SP.pdf , section 3.
However these security requirements contradict the usage by @dbenson and @maximilian and @ademoss .
@hari and @rwhitbeck : Can we get resolution by Atlassian?

1 Like

The new security requirements post-date all of our answers. They don’t take effect until next year. I would assume you can change it until then.

Are you talking about:

The domain where your app is hostedas specifiedin the app descriptor file (atlassian-connect.json) and thebaseUrlvalue can only be changed by removing and reinstalling the app.

If so - that really seems like it’s written by somebody who doesn’t really fully understand how Connect works with the descriptor and the lifecycle. That said - Atlassian might be changing behavior but that would seem like it would require a 6 months deprecation notice since for me that would be changing the current behavior. @nmansilla @rwhitbeck @mpaisley any thoughts?

3 Likes

@danielwester yes, I’m exactly talking about your quote, and especially in connection with the new security requirements, which seem to contradict (?) the way Connect works.

@marc

It is not clear to me how the new security requirements forbid changing the baseUrl. The text

The domain where your app is hostedas specifiedin the app descriptor file (atlassian-connect.json) and thebaseUrlvalue can only be changed by removing and reinstalling the app.

just reiterates what https://developer.atlassian.com/cloud/confluence/app-descriptor/ states:

Once the app is installed in a product, the app’s baseUrl cannot be changed without first uninstalling the app

Let me know and I can fix the additional information pdf file.

Once the app is installed in a product, the app’s baseUrl cannot be changed without first uninstalling the app

That’s not really how it works.
When we do a release (on Jira Cloud or Confluence Cloud), we change the base url from say myapp-server1.mydomain.com to myapp-server2.mydomain.com.
Once I upload the descriptor json to the marketplace, the new version goes out to customers. Unless the new version is requesting new permissions scopes, administrators don’t have to do anything, and customer instances are upgraded automatically.
This means, after the upgrade, customer now still use my plugin, but ay a new base url.
Nowhere in this chain of actions did anyone uninstall the app, and then reinstall it.

@hari
The information test in the link https://developer.atlassian.com/cloud/confluence/app-descriptor/ seems to not match the usage of baseUrl in ACE. As you can see in the linked document in the example atlassian-connect.json:

...
 "baseUrl": "http://www.example.com/connect/jira",
...

This baseUrl string can be changed easily. If you have a look into the repository Bitbucket

...
"baseUrl": "{{localBaseUrl}}",
...

the baseUrl is even treated as a variable. This variable is initiated in the file config.json, which can be set by the developer. No install/uninstall needed (contrary to what the documentation seems to indicate).

Related to that, Bitbucket says it’s the officially supported ACE Node.js framework for Atlassian Connect. When you install it, it installs outdated packages with known security flaws.

Understood. So the documentation is inaccurate. For future reference, I highly recommend using “Give docs feedback” option in the page(https://developer.atlassian.com/cloud/confluence/app-descriptor/). I just went ahead and did that to request an update to the documentation.

I will go ahead and remove the text around the need to uninstall to baseUrl from the Additional requirements PDF as well. This would clear all confusion.

Related to that, Bitbucket says it’s the officially supported ACE Node.js framework for Atlassian Connect. When you install it, it installs outdated packages with known security flaws.

Thanks for highlighting this. For this particular concern, I answered it here - https://community.developer.atlassian.com/t/security-requirements-for-cloud-apps-call-for-feedback/32406/30?u=hbalasundaram.

If there are security issues anyone wants to report to Atlassian, please report them here - Bug Bounty: Atlassian - Bugcrowd . That is our external bug bounty program and we reward for legitimate exploitable bugs.

3 Likes

Update October 2024: The information in this thread is no longer correct.

We just had an app update that changed the base URL (preparing for data residency, we switch to subdomains like de.*, us.* to reflect the availability zones). At the same time we switched our backend infrastructure. We had a solid plan on how and when to migrate customer data etc.

But the behavior we saw was nothing like people experienced according to this thread, making our careful plans quite obsolete. So you don’t fall in the same pitfall, here’s what we experienced in October 2024:

  • We created a new version via the marketplace, pointing to the new descriptor URL with the new base URL. Testing in private, everything worked as expected.
  • When we tried switching this new private version to public, this triggered a manual app review ticket. It took 8 days for somebody to approve the new app version.
  • We expected the update to silently roll out. But although this is a minor version update (1.1.16 → 1.1.20), it has to be manually approved by admins in the UPM.

So, changing the base URL of your app, even just the subdomain, is a long process with a lot of gotchas. Switching the base URL between releases, as described by @ademoss in 2019, no longer seems to be viable. (Or did we miss something?)

I’d expect to have a clear documentation about that process from Atlassian. @hari, can you point us to where we can learn about that or put it on Atlassians todo list?

4 Likes

https://developer.atlassian.com/platform/marketplace/changelog/#CHANGE-1181

2 Likes

Oh nice. I missed that one. This stream of changelogs is hard on me :wink:

Still, it does not mention that the update has to be approved by an admin. That should be added somewhere.

1 Like