Simplified user consent for Forge (Preview)

AdamMoore · July 10, 2023, 5:19am

Hi everyone, we just announced the preview of simplified user consent for Forge. Please have a look at the Simplified user consent for Forge (Preview) changelog entry for more details.

If you have any questions please drop them in the thread below.

klaussner · July 10, 2023, 7:12am

Thank you so much for shipping this feature, @AdamMoore!

I wanted to test the preview with one of our apps, but I think we need a new version of the CLI/linter that accepts the automatedUserConsent property (6.14.1 doesn’t work):

/.../manifest.yml
1:0     error    app property features should NOT have additional property 'automatedUserConsent'  valid-document-required

JulianWolf · July 10, 2023, 7:46am

Thank you for this update @AdamMoore!

To be honest I’m still a bit scared to try this out first with our Forge app which has over 3000 users who went through that consent screen. I have two questions:

Could you please elaborate a bit on the effect that opting in triggers a major version?

Opting into simplified user consent during the preview period will result in a new major version.

I assume this means that every customer will need to update the app manually in the administration. What will happen to customers that do not update? Will they still be able to use the app and see the old consent screen?

We are using granular scopes because we quickly adopted them after their release. Short after Atlassian revoked the recommendation for that. Have you tested the feature with granular scopes? Do you expect the new consent flow to work the same as for classic scopes?

Thanks,
Julian

Benny · July 10, 2023, 8:17am

Hi @klaussner,

Thanks for testing it out. We had an issue in our documentation that should be resolved in the next 30mins.

Please update your manifest to use autoUserConsent

Let us know how you go.

klaussner · July 10, 2023, 10:32am

Thanks, @Benny. Now it’s working. But I have a question about the consent screen that is shown for the exceptions described in the documentation. It looks like this is the same screen as before and includes permissions that are not related to the user. Why is it still necessary for users to confirm these permissions?

PhilipFeldmann · July 10, 2023, 2:28pm

Hey @AdamMoore,
consent screen still appears for one of our apps. I’ve tried both with existing installations and new installations on a brand new account. The consent screen still appears in either case.

Any idea why?

Thanks!
Philip

mimre · July 10, 2023, 3:12pm

Same for me - consent screen is still appearing for all users.

Is there just a gradual rollout or something?

Thanks,
Martin

chhantyal · July 10, 2023, 3:24pm

@AdamMoore great update, thanks for making this happen.

We have one serious concern though. Why is it major version during preview but just minor version bump when it goes GA in September?

In my opinion, any change is a huge improvement over the status quo. By making it major version, most of the users will be forced to continue using the current horrible flow cause admins need to update it manually. In my experience as app developer, most admins don’t do that.

There is also no way to inform admins about new version for free apps. So it’s going to be impossible to make them all upgrade.

AdamMoore · July 10, 2023, 9:43pm

Hey @chhantyal, it’s just more work we need to do to change the existing behaviour of Forge which will take more time. In an ideal world, we would have released the preview as a minor version change.

We decided to put this out as a preview now, so developers can decide whether to take the major version bump. I think for most people the benefit of removing that friction will be worth it.

Also, for those sites that don’t upgrade, many of the users will have already gone through the consent flow so they won’t be feeling the pain as much as the new customers who are adopting your app for the first time.

AdamMoore · July 11, 2023, 12:45am

Hey Philip, we’ve had a look at the logs for your app and realised we have a bug that affects Forge apps using Connect scopes. We’re investigating now.

chhantyal · July 11, 2023, 7:57am

Thanks Adam, for the response

Your assumption here is not entirely correct, though. The existing users have to go through the consent flow again when there is a new version of the app with manifest changes.

Why is this important? For our app, we did not want to force consent flow again by releasing a new version. So we were waiting for the removal, but now we have tons of features that will only reach users if admins update the app manually because of it being a major version.

Taco · July 11, 2023, 8:46am

Hi @PhilipFeldmann, we’ve fixed the bug that was affecting your app, sorry for the inconvenience this caused.

@mimre can you check your app as well please? If it still doesn’t auto consent, please let me know which app it is (appId) and I can check into it.

AdamMoore · July 11, 2023, 8:55am

Releasing the new verison will require admins to update the app that’s true, but it won’t require every user to go through the consent flow again.

PhilipFeldmann · July 11, 2023, 1:46pm

Thank you, I can confirm it’s working now!

mimre · July 12, 2023, 5:37am

@AdamMoore the app still asks every user to check.
The app id is: ari:cloud:ecosystem::app/fd96c02b-ce98-45eb-920b-3098373b491d the develop version is the one deployed with the new settings.

Benny · July 12, 2023, 7:39am

Hi @mimre,

We validated your app and there isn’t an issue with Auto consent.

If your app does not have a shared status (can view it here: Developer console) and you are not the owner of the App it will not auto-consent with your Forge App on the Dev Environment.

If you enable App sharing you will be able to auto-consent for all environments.

If you are still facing issues, let us know.

Cheers
Ben

mimre · July 29, 2023, 12:28pm

Hi @Benny,

Sorry for the late response. I just checked this out again. Even though I now tried using the staging env, the app still doesn’t auto-consent for non-admin users.

Of course I could share it and install it via that method, but what are the benefits of that over installing it with the forge CLI? Why does the auto-consent not work when installing via the forge CLI?

Thanks,
Martin

Taco · July 30, 2023, 12:00am

Hi @mimre,

The environment (development, staging, production) doesn’t matter, nor does auto-consent matter in this case, it’s just the distribution status that needs to be set to shared before other users than the app developer can use it. (Even if a user were to go through manual consent, it would throw an error at some point that the app isn’t shared)

Also, the distribution status doesn’t mean it has to be in the Marketplace or shared via a link. It’s just a status that tells us that the app is shared with other users than the developer. You can still install it via the CLI.

Cheers!
Taco

mimre · July 30, 2023, 5:46am

Got it - this works.

FYI: When I set a distribution status to shared and the app access has been approved by an admin, then set the distribution status to not shared then it still works for all users without the permission check.

Cheers,
Martin

PhilipFeldmann · August 3, 2023, 8:58am

@AdamMoore @Taco
Auto consent no longer works for our app “Mantra”. I got the consent screen for a new installation on my “appanvil-demo.atlassian.net” instance. A customer reports the same. (It uses connect on forge)

Can you have a look, please?

Thanks!
Philip