The scopes mechanism seems broken in Forge.
The documentation doesn’t describe what the tooling reports as errors and possible solutions.
The ‘forge lint’ reports one thing and points to a page https://go.atlassian.com/forge-permissions which states something else.
Catching an error and logging it also reports an error with some other information.
This mess needs to be fixed ASAP as it is stopping development.
We need to have a working development environment, where documentation and tooling reflect the actual state and can be relied upon. Having to spend days troubleshooting the environment instead of developing our app is not acceptable.
Sorry for the confusion, it looks like you have run into the problem described here: Deprecated Scope Warning
For the time being, it should be possible to ignore the warning and continue to develop with the existing scopes documented on developer.atlassian.com.
Please let me know if you are unable to develop your app and I will escalate to the internal team handling this roll-out for assistance.
To be able to work I’ve had to comment out the code that calls the following REST API:
/rest/api/3/users/search
as I’ve not been able to find a way to set a scope allowing that call.
Error message is:
INFO 2022-02-21T12:12:30.500Z 12081c85-4225-435d-9ef0-ad667a3b76d3 getUsers => {
errorMessages: [
'Access to the resource was denied due to missing scope grants. Your app was granted the following scopes: [read:jira-work, read:user:jira, offline_access, read:me].\n' +
'The resource can be accessed by having one of these groups of:\n' +
' * current scopes: [read:user:jira, read:application-role:jira, read:avatar:jira, read:group:jira]\n' +
' * deprecated scopes: [read:jira-user]\n'
]
}
@freatt please try adding the read:jira-user to the list of scopes in your manifest - it should unblock the endpoint for you. From the message it sounds like you have the read:user:jira declared in the manifest but not the read:jira-user (those are technically two totally different scopes).
To clarify what the error message means:
expected scopes for this endpoint are [read:user:jira, read:application-role:jira, read:avatar:jira, read:group:jira] (app needs all of them)
it is also possible to access the endpoint with just read:jira-user
Jira APIs are already ahead with the rollout of new scopes, so it’s a bit of a futuristic state, due to the situation explained in Deprecated Scope Warning. Because of that, Jira already suggests that read:jira-user is deprecated (which technically is not yet true, as the deprecation has not started yet).
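The reading of the error message given in the reply above (all of the current scopes, or just the deprecated one), as an added example that is not part of any post in this thread or of Forge itself: it parses the message text from the log above and lists the scopes still missing from each group. The function and field names are assumptions of this example.

```javascript
// Added example: parse a Jira "missing scope grants" message and report,
// for each alternative group, which scopes the app still lacks.

// Sample message, copied from the log output quoted in this thread.
const sampleMessage =
  'Access to the resource was denied due to missing scope grants. ' +
  'Your app was granted the following scopes: [read:jira-work, read:user:jira, offline_access, read:me].\n' +
  'The resource can be accessed by having one of these groups of:\n' +
  ' * current scopes: [read:user:jira, read:application-role:jira, read:avatar:jira, read:group:jira]\n' +
  ' * deprecated scopes: [read:jira-user]\n';

// Split "a, b, c" into a trimmed array, dropping empty entries.
function parseList(text) {
  return text.split(',').map((s) => s.trim()).filter(Boolean);
}

// Returns null when the message is not a scope-grant error.
function analyzeScopeError(message) {
  const grantedMatch = /granted the following scopes: \[([^\]]*)\]/.exec(message);
  if (!grantedMatch) return null;
  const granted = new Set(parseList(grantedMatch[1]));

  // Each " * <kind> scopes: [...]" line is one alternative; the app must
  // hold every scope in a group for that group to grant access.
  const groups = [];
  const groupRe = /^\s*\*\s*(.+?) scopes: \[([^\]]*)\]/gm;
  let m;
  while ((m = groupRe.exec(message)) !== null) {
    const required = parseList(m[2]);
    const missing = required.filter((s) => !granted.has(s));
    groups.push({ kind: m[1], required, missing, satisfied: missing.length === 0 });
  }

  // The group that needs the fewest additions to the manifest.
  const smallest = groups.reduce(
    (best, g) => (best === null || g.missing.length < best.missing.length ? g : best),
    null
  );
  return { granted: [...granted], groups, smallest };
}

console.log(JSON.stringify(analyzeScopeError(sampleMessage), null, 2));
```

For the logged message, the "current" group is short three scopes and the "deprecated" group is short only read:jira-user, which matches the advice given in the reply.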