Hi we’re facing an issue with our 3LO App.
We have two use cases:
- login the user - only the user:me scope is required for that
- request additional rights e.g. to create issues/pages
However it seems that when the user logs out and in again, and on login we only request the user:me scope, ALL PREVIOUS SCOPES are removed. Since we cannot know if a user only want’s to login or he/she wants to give additional rights, this means that the user must grant all scopes on every login.
Is this the expected behaviour? How can we realise a “Login with Atlassian” with minimal scopes (which does not remove any previously granted permissions/scopes)?