For the first time in five years since first listing, one of our Connect apps has required an additional scope to be added to its descriptor (“ACT_AS_USER”).
According to Upgrading and versioning cloud apps, an increase in scopes is considered a minor version update which requires customer approval:
Even though your app is automatically updated in the Marketplace, certain scenarios require customers to manually approve your app’s update in the UPM. These changes correspond to minor version updates in the table above. In these cases, we automatically send emails to the product administrator so they can approve and update the app.
As I write this, the timeline is:
- The new app descriptor (with increase scopes) was deployed approximately 19 hours ago
- Marketplacebot detected the new descriptor approximately 30mins after deployment, and automatically created the new minor Marketplace version.
- In our production Confluence instance, the Manage Apps page shows the new update available
Wearing our “product administrator” hat, we haven’t upgraded our own instance to the new version yet, as we wanted to experience the customer approval process for ourselves.
It has now been 18.5 hours since the new version was first available, and we have not yet received an email asking us to approve the new scopes/version for our own instance.
Our app logs indicate that there have been no hits to our
/installed endpoint since the new version was created; which we’re assuming means that either:
- No customers have received the approval email; and/or
- No customers have chosen to update to the new version yet
I appreciate that it is a weekend (and even a long weekend here in Sydney); so this could be expected.
If anyone else has experience with increasing the scopes of their apps, as a product administrator, how long should we wait to receive the approval email before we start getting concerned?
To be clear, the app still functions using the previous descriptor; so we’re not too worried at this stage.
Normally for automatic upgrades, we see these start rolling in shortly after the Marketplacebot detects the new descriptor; so we would have expected that emails to product admins asking them to approve the new version would have been received by now.