RFC-71: Improving Connect to Forge and Forge Platform Upgrades

RFCs are a way for Atlassian to share what we’re working on with our valued developer community.

It’s a document for building shared understanding of a topic. It expresses a technical solution, but can also communicate how it should be built or even document standards. The most important aspect of an RFC is that a written specification facilitates feedback and drives consensus. It is not a tool for approving or committing to ideas, but more so a collaborative practice to shape an idea and to find serious flaws early.

Please respect our community guidelines: keep it welcoming and safe by commenting on the idea not the people (especially the author); keep it tidy by keeping on topic; empower the community by keeping comments constructive. Thanks!

Summary of Project:

Some partners who are looking to Adopt Forge from Connect have identified the need for a major update as a blocker. This RFC shares some of the exploration we’ve undertaken to assess how we could make the journey from Connect to Forge a seamless, minor update for apps which do not need to elevate their permissions.

For the purposes of this RFC, a major version/update reflects an admin-approved update and a minor version/update reflects a non-admin-approved update.

Please note that this RFC is not a commitment to all of the controls defined, but is rather seeking feedback to ensure have considered the needs of your apps. Once we have a confirmed and finalised set of guardrails, we will publish these to partners.

  • Publish: 2024-10-17T13:00:00Z
  • Discuss: 2024-10-31T13:00:00Z
  • Resolve: 2024-11-14T13:00:00Z

Problem

As Connect apps move to Forge and start adopting Forge modules, they are required to add egress permissions, remotes and additional scopes. The addition of each of these properties results in a new Forge major version today. In addition to this, the first move from Connect to Forge is currently a major version update for all existing customers. The combination of these results in potentially multiple major version updates, requiring customers to approve the app’s update the first time it moves to Forge and each subsequent time it adds new Forge features.

Given customers may opt to not update their apps, partners are subsequently left in a position where active installations of their app are still loaded from their existing services. If that app opts to preference Forge capabilities, they will still be left in a position where they must either continue to maintain and deliver the previous Connect service, or they may need to switch off these services and manage the change/communication of a need to update to existing customers who have not yet updated.

Note: We appreciate that there are other challenges and constraints with app updates, however this RFC focuses wholly on the adoption of Forge from Connect and the implications of updates on that process.

Proposed Solution

Updating from Connect to Forge

This section details the considerations, constraints and approaches for handling the upgrade from the Connect version of the app to Forge version.

Scopes

Connect utilised implied scopes, where the declaration of DELETE would also inherit READ and WRITE scopes. Forge’s OAuth 2.0 scopes are declarative and each scope which is going to be utilised must be declared.

Where the Forge scopes (either classic or granular) are inheriting the same actions of the Connect scope via their expressed verbiage, that update would be deemed a minor update.

For example, a Connect app which had a WRITE scope declared would otherwise have both READ and WRITE in Connect via inheritance. This app could declare the following classic or granular scopes without incurring a major update (Note: this is not an exhaustive list, just an example):

  • read:jira-work (Classic Scope) - “Read Jira project and issue data, search for issues and objects associated with issues like attachments and worklogs.”
  • write:issue:jira (Granular Scope) - “Create and update issues.”
  • write:comment:jira (Granular Scope) - “Create and update issue comments.”

The same app would not however be able to adopt the following scopes, as they may elevate its permissions to actions which is aligned with a DELETE scope which the app did not previously have declared:

  • write:jira-work (Classic Scope) - “Create and edit issues in Jira, post comments as the user, create worklogs, and delete issues.”
  • delete:issue:jira (Granular Scope) - “Delete issues.”

In a similar manner, if the Connect app were to declare an elevation of Connect scopes when moving from Connect to Forge, it would be deemed a major update. Only the Connect scopes which were previously present, a subset of them, or no Connect scopes would contribute towards an automated update.

The declaration of any additional Forge-specific scopes when moving from Connect to Forge will not be assessed as part of this upgrade and can be declared without any impact to version determination.

Our current mappings (which are subject to change) can be found here: Equivalent Connect to Forge OAuth2 Scope Mappings (Proposed)

Remotes, Content Permissions, Fetch Permissions and External Permissions

The addition or declaration of these properties will not have any bearing on an app’s version determination when upgrading from a Connect version to a Forge version.

Update Duration

Similar to the progressive rollout of Connect minor updates, these updates will be staggered over a period between 24 to 96 hours. During this duration, customers will still be provided with the ability to manually update their apps to the latest version.

Staged Migrations

We understand that some partners may want to stage the update process to test on their own sites to ensure that things are working as expected, or to reduce the rate of update requests. This update process will inherit similar controls to our current rollout, in which partners can request a staged migration.

Apps which have already moved from Connect to Forge

Connect to Forge updates are retrospective, in that they will compare the installed version of the Connect app with the latest version of the Forge app. Subsequently, once we have confirmed and finalised these guardrails, apps could move to Forge with confidence that customers on their existing major version would be automatically updated at a later date.

Where apps have already moved from Connect to Forge and have utilised Classic scopes where they otherwise required Granular scopes to align to the above requirement; they can deploy a new version of their Forge app and existing customers will be assessed against that version at their next scheduled check.

Updating on Forge

This section details the considerations, constraints and approaches for handling the upgrade of a Forge version of an app (potentially with Connect modules) to another Forge version.

Scopes

Where a Connect scope is still declared in the Forge app, it will inherit the scope considerations outlined in our current mappings when adopting a subsequent Forge scope while moving from Connect to Forge.

While we do not immediately plan to support a similar mechanism when adopting Granular Scopes to Classic Scopes, it is a consideration which we would appreciate feedback on. The following is a hypothetical example if we were to also implement this.

Forge’s OAuth 2.0 scopes come in two types - classic and granular. Where a newly declared Forge granular scope is inheriting the same actions of the classic scope via its expressed verbiage, that update would be deemed a minor update.

For example, a Forge app which had a write:jira-work could declare the following granular scopes without incurring a major update (Note: this is not an exhaustive list, just an example):

  • write:issue:jira - “Create and update issues.”
  • write:comment:jira - “Create and update issue comments.”
  • delete:issue:jira - “Delete issues.”

The same app would not however be able to adopt the following scopes, as they may elevate its permissions to actions which is aligned with a manage:jira-configuration scope which the app did not previously have declared:

  • write:project:jira - “Create and update projects.” (This is aligned to manage:jira-configuration)

As long as no elevated scopes are present, the removal of any scopes would also be deemed a minor update of an app.

Remotes, Fetch Permissions and External Permissions

As Connect modules are inherently remote, if one or more Connect modules are present, the addition of new Remotes, Fetch Permissions or External Permissions will be reflected as a minor update . This reflects the opportunity to extend and replicate your existing front-end via Forge modules.

If a broader permission (i.e. ‘’ or '.domain.com’) is defined as a Fetch Permission or External Permission, the inclusion or modification to a domain which is a subset of the previously permitted permission to the same permission group will be reflected a minor update. This may be coupled with a requirement to remove the broader reaching permission.

Content Permissions

The introduction or inclusion of new content permissions will not invoke a new major version and will be reflected as a minor update.

Update Duration

Updates which result in changes to remotes, content permissions, fetch permissions and external permissions would be immediately reflected across all sites (similar to a minor update). Any updates which modify the scopes of an app would be progressively rolled-out over 24 - 96 hours to all sites.

Preflight Update Check

It can be difficult to distinguish when a change to your manifest will result in a major update - you must either familiarise yourself with the update criteria, or become aware following a deployment. A preflight capability enables developers to validate if a deployment will result in a major update prior to deploying their app.

Delivery Sequence

We are proposing that support for Forge minor updates are delivered prior to Connect to Forge minor updates; or that these are delivered concurrently.

As Forge minor updates do not provide retrospection, the delivery of Connect to Forge minor updates first would result in customers being updated from Connect to the first Forge version, then being stuck on that first Forge major version.

Corollary, by delivering Forge to Forge minor updates first, we ensure that any customers who install your new version or update from your previous Connect version will have a minor version pathway. Once Connect to Forge minor versions are made available, existing customers who had not yet updated would be caught up.

Example Adoption Pathways

Adoption before any milestones are delivered

Once we’ve published our finalised guardrails, apps can start to move with confidence , knowing that any installations on a previous Connect major version will be moved to Forge once the minor update capability is delivered. Any updates on Forge may still be major versions, however this will predominantly be seen by new customers, or those who have already updated from the previous Connect version.

Adoption once Forge minor updates are delivered

Similar to above, apps can have confidence in adopting early as previous Connect major versions will be assessed against the latest Forge version. This ensures that any changes in Forge would become minor versions, supporting new customers and those who have updated.

Adoption once all milestones are delivered

Once all milestones are delivered, customers will be updated from Connect to the first version of the Forge app delivered. Any subsequent updates would also be minor updates to a newer version of Forge.

Asks

While we would appreciate any reactions you have to this RFC (even if it’s simply giving it a supportive “Agree, no serious flaws”), we’re especially interested in learning more about:

  • Do the scope mappings provided work for your current use cases? Are there any mappings which may result in you experiencing a major version update which seem unreasonable?
  • Does our delivery sequence seem reasonable? Does the above proposal give you suitable confidence to start building (or even publish) a Connect to Forge app once we publish finalised guardrails? At which milestone do you believe you would feel comfortable releasing a Forge version of your app?
  • Can you foresee any significant constraints if egress changes on Forge required an accompanied replacement (i.e. removal) of a Connect module?
  • Some apps may have previous major versions based upon a change in their apiVersion. Would you prefer these to also update as part of Connect to Forge, or would this result in breaking changes to your app?
  • Is there anything you believe we are missing, or which should be reconsidered in the above proposal?
16 Likes

Hi Sean,

Thanks for this RFC, I think it will be really helpfull. I will take a closer look into it later today.
There is one endpoint I know of that may cause issues with the Scope Mapping:

We use it to store our project related configuration

Hey @m.herrmann,

Looking forward to your additional feedback once you have an opportunity to take a closer look at the RFC.

We’re conscious that the proposed mapping page does not include all of the Granular Scopes (particularly for Jira) and we’ll be adding these in the coming day or two.

In the case of this API, it also supports write:project.property:jira. Based upon our proposed mappings, an app would need either PROJECT_ADMIN to inherit manage:jira-project. It also supports the granular scope write:project.property:jira which would indicatively map to WRITE on Connect.

If your app did not have PROJECT_ADMIN or higher (ADMIN), but still had WRITE, then the write:project.property:jira scope would grant access and be inherited.

2 Likes

Hi Sean,

As I read this RFC, I am impressed by the amount of thought that has been put into solving the problem. That having been written, the level of complexity leads me to think that this could perhaps be an XY Problem.

This proposes solving the problem of “how do we allow upgrades from Connect to Forge without requiring explicit admin approvals”. I argue that the bigger problem is “apps need a pathway to always be running on the current app version (whether on Connect or Forge) without requiring manual admin approval, but in a way that maintains enterprise customer trust”.

Atlassian does not let customers run a year-old version of its cloud products. App vendors do not want to be doing this either, but the Atlassian version model forces them to anyway.

The Cloud platform is continually evolving: Atlassian regularly creates new permissions, and sometimes, apps need to adopt those permissions to continue functioning correctly. Despite the Atlassian platform being fluid, apps can easily get stuck on old versions because not 100.0% of admins will upgrade. Plenty of contortions have already been implemented (such as the Forge prior-version minor updates) in order to try to make this more palatable. But still, no vendor actually wants to maintain four different versions of their product because some admins forgot to push a button (especially if Atlassian-forced API changes need to be backported to ’n’ older branches). At best, it is a lot of work. At worst, the old versions cannot work properly and it generates customer complaints.

This was sort of vaguely manageable in Connect since the permissions are broad and the frequency of permission changes was relatively rare, but with the finer-grained permissions in Forge, the problem snowballs. This in itself would make me very reticent to adopt Forge from any Connect app (even just a descriptor migration and nothing else), because you get immediately tied in to the finer-grained Forge permission model (even assuming you are using classic scopes).

I propose that a better solution is to figure out a reasonable pathway (acceptable to vendors and also enterprise admins) to get all apps running on the current version, with the full set of required permissions, within a reasonable period of time. If you solve that problem, I think it automatically solves the specific problem proposed in this RFC, plus a lot of others that vendors have been complaining about for years.

Throwing out some ideas:

  • Let individual admins decide if they want to automatically auto-upgrade apps or not through a configuration option.

  • If admins do enable auto-upgrade, let them decide if they’re OK with automatically upgrading permissions within a limited set of scopes only (for example, if the app has the equivalent of Connect READ permission only, then auto-allow the app to inherit permissions to READ any other object type, but don’t allow auto upgrades to WRITE-type permissions). Or perhaps the admins can also decide that they want to automatically accept all permission upgrades. Maybe there are also options to consider here related to accepting Forge egress permissions and other sensitive features.

  • For permission changes that are not auto-approved by config setting, give admins a (say) 14-day review period to review the proposed upgrades (while the app is still running the prior version with old permissions). Also allow the admins themselves to decide what to do if the delay expires without action on their part: either disable the app (until the change is manually approved later), or auto-upgrade upon expiration of the review period. This ensures that, after a certain window, there are no active apps running old code, and it allows admins to tailor the upgrade strategy to their security policies.

  • Nag product admins sufficiently during the review period to get them to take action (and continue nagging afterward if there are disabled apps). This might include sending emails, banners in the UPM or the fancy new admin app interface, pop-up flags on the dashboard when admins log in, etc

  • Have CCP (or whatever) enforce that new permissions be accepted before letting the “renew” button be clicked for an app.

I recognize that this effort would likely exceed the presumed scope of responsibility of the Forge team that is responsible for writing this RFC. Regardless, I still think it is the right thing to do and that it would be worth the effort to coordinate.

27 Likes

I think @scott.dudley proposal is the right way to go.
The Atlassian platform semi/auto upgrades, and so should apps.

2 Likes

There are always some cases where the administrator has left the organization. Some way to “force” the upgrade will always be necessary for those cases.

4 Likes

What @MattDoar said. For example, I know this is not the same, but anyone who’s ever tried to get useful data from technical or billing contacts in MPAC knows that half of that data is invalid.

Always assume the worst.

4 Likes

There really should be a force upgrade option (the number of instances that have old "versions’ is scary). Now that could be handled if there was a way for the addon manager not to be forgotten (ie in-app notifications to the administrators).

The contact email address that vendors are provided through the marketplace reports are very low quality (especially since they get a lot of spam so they’ll just redirect them all – not us though – we only provide high quality emails :wink: )

6 Likes

Agree with Scott. I’m at 25 Forge apps now. Can confirm it’s an unmanageable mess:

  • customers do not manually update apps, period.
  • every permission scope change triggers a major upgrade which requires manual update.
  • required permission scopes have been changed by Atlassian multiple times in past few years.
  • many Forge packages have been deprecated and require permission scope changes to migrate.
  • regression testing doesn’t appear to be done on older Forge packages which now throw errors.
  • the developer console spams you with error log emails for all these old versions.
  • there is no API or context variable to identify what app version is currently running, so developers can’t deploy their own in-app messaging, eg “update app to continue”.
  • the “backporting” feature only allows minor upgrades and is a wholly inadequate solution.
4 Likes

Hey @scott.dudley,

Really appreciate the thorough and well thought out response.

With regards to upgrades, there are three core problems which are experienced today:

  1. The ability to discover and identify when a new update is available for an app.
  2. The frequency in which customers update their apps.
  3. The frequency in which updates occur.

I agree with your sentiment that there are better approaches and while we do hope to explore the decoupling of versions/updates and the associated permissions, this is some time off. This RFC is exploring potential mechanisms which could enable and support apps moving to Forge in the short to medium term, eliminating all of the core problems which have been defined above occurring from the change.

With that said, I do want to explore some of your suggestions (which are great) just for completeness.

This addresses the discoverability constraint above. Today, admins only discover an update is available when either:

  • they visit the Manage Apps page
  • they receive an email notifying them of a change (if they are subscribed)
  • they receive an update or a call to action within the app

We recently ran an experiment against a small cohort of customers which introduced a “X Updates” lozenge alongside app surface area to admins when an update was available. The results were promising, but not significant.

One of the key challenges with time-bound updates is the processes which have been established by larger, enterprise customers. We have seen circumstances where customers review updates periodically (i.e. every month, 3 months, 6 months, etc.) and may have significant or robust reviews associated with them; particularly where an elevation in permissions has occurred.

Similarly, there are partners who may be willing to accept the risk of managing or running older versions, given that there is revenue attributed to those customers still. A generic approach may not be applicable or suitable to all marketplace partners and their businesses.

While it’s outside of the scope of this RFC, a better approach may be empowering partners to determine what to do in the circumstance of their prior versions. For example, if given the option to disable or remove installations of a significantly old version, would you opt to enact this?

This suggestion is great as it solves all three problems pro-actively ,where a customer is willing to accept any associated risks. I’ll share this back internally with the appropriate teams.

In addition to the above, I do want to flag that we’ve been through a similar transition with a lot of our Atlassian Labs apps and have had a few learnings as part of this process. For example, with My Reminders:

  • We have multiple customers on previous major versions. As part of this migration, we added a ?forge QSP to any Connect modules which were loaded in the Forge app. Where this was not present, we’d render a call to action to users/admins noting that they needed to upgrade to the latest version.
  • After our deprecation window, we updated our existing service to return a static CDN response page noting that customers will need to move to the latest version to continue using the app.
5 Likes

Hey @MattDoar,

Today app management is fully isolated to the site instance and is managed by a site or product admin. Due to this, the risk which you’ve noted is appreciable and can occur. @JuliaDaehne has recently published details about changes happening to app management which elevates app management to admin.atlassian.com. This means that it is now also available and under the purview of Organisational Admins.

1 Like

Thanks for the detailed RFC. I appreciate the steps taken and ideas came from it.
Reading it I think it will ease the Forge adoption from Connect.

I also agree with Scott, that RFC is a great starting point and the ecosystem would greatly benefit from seeing this as the initial stepping stone where other improvements will follow to also make it easier to manage in the long run.

2 Likes

Hi @SeanBourke

Thanks again for your active engagement on this RFC, and for your detailed response! I have a few comments:

I assume “promising but not significant” means improving the conversation rate, but not a huge change. This sounds like a good step, but I imagine that less-subtle reminders would also produce higher levels of engagement (especially if there were a deadline related to approving app upgrades).

Although I threw out the idea of 14 days, I suspect that even a six month review period would be (grudgingly) acceptable. It is probably worth asking some larger Marketplace vendors: for me, although six months is not ideal, it is still far better than the current timeline of “until infinity”, and supporting old stuff for six months feels manageable.

If Atlassian goes down this route, maybe it could do some gatekeeping of any such duration setting (eg. allow enterprise customers to set up to 6 months, but allow only 30 days or something for regular customers). This would force all customers to either approve the permission changes or disable the app within the specified period, and thus move the majority of sites within a smaller period of time.

Allowing Marketplace vendors to opt into a “force upgrades within X days or disable” seems fine by me, so long as there is a reasonable push to customer admins to act, with increasingly-urgent reminders as the time draws closer. But does “auto-disablement” necessarily have to result in any revenue impact? See below.

These are potentially good tips. From a higher-level perspective, this feels effectively the same thing as “automatically disabling the app if no upgrade approved after X days”. Except that everyone has to roll it from scratch themselves, and you are constrained to nagging the admins only within the visible surface area of the app.

Also, if My Reminders were a paid app, there would have been no revenue impact to doing this because the customer would still be “using” an app that does nothing except display the upgrade page. (Would Atlassian really credit customers for its own paying app once an instance started displaying this type of page?)

If Atlassian feels a moral obligation not to charge customers for an app that is currently disabled, perhaps this becomes a gating item for CCP renewal. Still, disabling would not be the same thing as unsubscribing: vendors still need to provision resources for and potentially store data of apps even when they are disabled, so some amount of service is still being provided and resources are being expended even when an app is in that state, and it does not feel unreasonable to charge something for this.

The alternative is to allow customers to run years-old apps that do not even work and/or are insecure, or those that simply display “disabled” pages, but I am unclear if this would be substantially better (either legally or morally).

8 Likes

Hi Sean,

I think it is a good step in the right direction and the pathway seems good. I would like to have:

  • A tool that would take a list of Connect scopes and create the list of Forge scopes (C&P and done).
  • A way to see which tenant has which versions with which scopes

Thanks,
Leo

2 Likes

Should we inform customers they’re running insecure versions of our apps because Atlassian doesn’t consider their security in scope?

I thought that Forge was secure :thinking:

Hey @SeanBourke - I appreciate that this has clearly had a lot of thought go into it, thank you and the team(s) you’ve worked with.

I agree with @scott.dudley’s “taking a step back” message and would be very interested in pursuing that conversation in parallel, or after, the work covered by this RFC.

In general: this proposal looks great and will help us.

I’ll ask someone else to dig into the details of it and get back to you on your specific questions.

2 Likes

Hey @scott.dudley,

Once again, thanks for the comprehensive and thoughtful response.

This discussion has spurred a lot of conversations internally about our need to approach this problem holistically longer term. While I can’t commit to any future changes or improvements (as this RFC is predominantly focused on how we expedite a capability to Connect to Forge), I can assure you that there will likely be some further exploration spurred off the back of this RFC.

5 Likes

Thank you for the detailed RFC, @SeanBourke. The issue with releasing major versions really affects us, and I’m sure it’s become a big blocker for Forge migrations.

I think the approach Atlassian suggests here poses the risk of things becoming more complicated or, at the very least, more error-prone. I want to take the chance to suggest an alternative:

Optional/Switchable Egress and Scopes for Forge Apps

tl;dr: Always roll out major updates but disable new scopes for existing installations.

What if Atlassian introduced optional egress and optional scopes for Forge apps? This way, customers could use an app without having to grant all permissions upfront. It would be similar to iOS permissions—an app only asks to access the camera when you actually need it for something.

This change could solve these problems:

  1. Atlassian promotes Cloud products by saying customers are always on the latest version, which keeps things secure. But this doesn’t apply to apps right now.
  2. The current inflexible way of defining scopes forces partners to define broader scopes than needed in many cases. (POLP)
  3. Many apps won’t be eligible for the Runs on Atlassian program. While many apps run on Atlassian’s infrastructure, some still need egress rules that are only required by a subset of customers. Example: apps that embed services (like YouTube, Loom, or Google Calendar) but don’t depend on them as their main function. The same applies to apps that connect to a URL the customer defines, which even require a dangerous wildcard * in the manifest.yml.
  4. As outlined above, the current pattern slows down Forge adoption by causing a major update.

Proposed Solution:

With optional (or switchable) scopes, Atlassian could release new (major) app versions to all customers automatically, but with new scopes or egress permissions turned off by default for existing installations. This would still ensure that every customer is always on the newest version.

If the app calls APIs or hosts and the specific scopes/egress rules are not enabled, they’d receive a specific HTTP status.

Also, Atlassian or app partners could inform admins with a message like, “App XY has been updated but needs extra permissions to unlock all features.”

Needed Functionality:

  1. Partners could see which scopes are enabled or disabled per installation in the developer console. This would help with support requests.
  2. An API would allow partners to check which modules/scopes are active in-app, similar to the current app access rules.
  3. Partners could explain why certain scopes are needed in the manifest.yml, similar to permission explanations in Chrome extensions, so customers can understand why they might want to enable specific scopes.
  4. Partners could also flag scopes as ‘crucial’ when they are necessary for the app to work. Those scopes would be automatically activated for new installs. For existing users, critical updates would remain off until they choose to enable them.

I’m sure I forgot something. I’m also sure that implementing this would be a lot of work. However, I think the suggested approach, while tedious, could lead us in a more future-proof direction.

Thanks for reading this.

Cheers,
Julian

12 Likes

Thank you so much @SeanBourke for setting up this RFC, really appreciate the level of detail this has already been thought about.

One thing I would ask you to reconsider would be regarding the UNMAPPED mappings. For example, delete:group:jira should be mapped to the ADMIN Connect scope. Even though the “delete group” operation is not available when using Connect, the ADMIN scope with its description “Administer the Jira site.” should cover the adoption of this operation. I’m guessing there were technical reasons why Connect apps did not get access to some of the new UNMAPPED operations and not because the Connect scope description wouldn’t cover those?

While I agree that when transitioning to Forge, those Connect apps would gain access they didn’t have before, why not include those operations if there’s no harm being done? Hypothetically, if there would be two identical “Bulk Delete for Jira” apps, one with Forge using the manage:jira-configuration Scope and one with Connect using the ADMIN scope, the Forge one would now have a competitive advantage if the app could leverage the “delete group” operation without asking its users for additional scopes.

Also, in this case, it looks like the Connect app could claim manage:jira-configuration because it used to have ADMIN scope and get access to the “delete group” operation when using classic scopes. For other scopes (e.g. the Confluence classic scope write:confluence-groups) this workaround doesn’t seem to be available however. Connect apps should still be able to gain access when moving to Forge since it is covered “via their expressed verbiage” of the Connect scopes.

4 Likes