Scopes broken i Forge?!?

The scopes mechanism seems broken in Forge.
The documentation doesn’t describe what the tooling reports as errors and possible solutions.
The ‘forge lint’ reports one thing and points to a page https://go.atlassian.com/forge-permissions which states something else.

Catching an error and logging it also reports an error with some other information.

This mess needs to be fixed ASAP as it is stopping development.

We need to have a working development environment, where documentation and tooling reflects the actual state and can be relied upon. Having to spend days troubleshooting the environment instead of developing our app is not acceptable.

I’ve reported the specific problem here: [FRGE-632] - Ecosystem Jira
and also shared a small Forge app here: GitHub - fredrikattebrant/forge-access-example

I really hope there is a quick resolution to this.

Thanks,
Fredrik

Hi @freatt

Sorry for the confusion, it looks like you have run into the problem described here: Deprecated Scope Warning

For the time being, it should be possible to ignore the warning and continue to develop with the existing scopes documented on developer.atlassian.com.

Please let me know if you are unable to develop your app and I will escalate to the internal team handling this roll-out for assistance.

Hi @HeyJoe

To be able to work I’ve had to comment out the code that calls the following REST API:

/rest/api/3/users/search

as I’ve not been able to find a way set a scope allowing that call.
Error message is:

INFO    2022-02-21T12:12:30.500Z 12081c85-4225-435d-9ef0-ad667a3b76d3 getUsers =>  {
errorMessages: [
'Access to the resource was denied due to missing scope grants. Your app was granted the following scopes: [read:jira-work, read:user:jira, offline_access, read:me].\n' +
'The resource can be accessed by having one of these groups of:\n' +
'  * current scopes: [read:user:jira, read:application-role:jira, read:avatar:jira, read:group:jira]\n' +
'  * deprecated scopes: [read:jira-user]\n'
]
}

Thanks,
Fredrik

@freatt please try adding the read:jira-user to list of scopes in your manifest - it should unblock the endpoint for you. From the message it sounds like you have the read:user:jira declared in manifest but not the read:jira-user (those are technically two totally different scopes).

To clarify what the error message means:

  • expected scopes for this endpoint are [read:user:jira, read:application-role:jira, read:avatar:jira, read:group:jira] (app needs all of them)
  • it is also possible to access the endpoint with just read:jira-user

Jira APIs are already ahead with rollout of new scopes so it’s a bit futuristic state - due to situation explained in Deprecated Scope Warning. Because of that Jira already suggests that read:jira-user is deprecated (which technically is not yet true as the deprecation did not started yet).

2 Likes

That did the trick … back on track again. :smiley:

Thanks,
Fredrik

2 Likes