Why does Forge autoUserConsent still ask for user consent?

KokSingHew · January 15, 2024, 8:48am

I’ve added the autoUserConsent: true in our app’s manifest. Despite this, the consent prompt still appears, and following it results in an “Access denied” error in a new tab.

Our app requires both JSM and Jira permission scopes (read:servicedesk-request and read:jira-work). We’re testing the app with a user who has a Jira User license and a JSM Customer license.

Expected behavior: The user should be able to access the content of the module without encountering the consent prompt.

Current behavior: Despite setting autoUserConsent: true, the user consent prompt is still displayed. After clicking “Allow access”, the user is redirected to a new tab with an “Access denied” error.

Moreover, I also encountered this warning in the terminal console:

/app/manifest.yml
53:4    warning  The autoUserConsent feature flag is no longer required to use automatic user consent and should be removed from the manifest.  deprecated-property

I’m wondering if there’s a specific setup or additional configuration required for autoUserConsent to function properly, or if this might be a bug. Any insights or suggestions you could provide would be greatly appreciated.

Thanks!
Kok Sing

ppasler · January 15, 2024, 9:14am

@KokSingHew maybe you ran into this problem: Allow Forge app scopes to be optional when product isn’t available ([FRGE-1193] - Ecosystem Jira)

AdamMoore · January 15, 2024, 7:39pm

Yeah, you’ve run into this bug which we’re tracking under this ticket FRGE-1232 Atlassian Accounts who have non JSM License cannot access Forge apps as unlicensed users.

This is something we’re looking into at the moment. Unfortunately I don’t have an ETA on a fix yet because we’re still deciding on the right way to solve it. Follow that ticket for any updates though.

takafumiohtake · March 22, 2024, 7:38am

Hello @AdamMoore

We’re currently in the process of developing a JSM module introducing the read:servicedesk-request scope. However, after implementing the code, we’ve come across reported issues related to the JSM scope, such as https://jira.atlassian.com/browse/ECO-87 and [FRGE-1319] - Ecosystem Jira.

Given that our application utilizes both Jira and JSM scopes, we’re concerned that our app may be impacted by these issues. However, during our attempts to replicate the problems with our app, we found that Jira users who are also JSM customers can still utilize the app. Specifically, while user consent is required, the app functions without encountering an access denied page.

With this in mind, I have a couple of questions:

Has the access denied issue reported in [FRGE-1319] - Ecosystem Jira already been addressed?
Can Forge apps that utilize both JSM and Jira scopes operate seamlessly for all JSM agents, JSM customers, Jira users, and anonymous users?

Looking forward to your response.

Our manifest:

permissions:
  scopes:
    - read:jira-work
    - write:jira-work
    - manage:jira-project
    - manage:jira-configuration
    - read:jira-user
    - read:servicedesk-request
    - storage:app

AdamMoore · April 10, 2024, 3:02am

Hi @takafumiohtake sorry for the slow reply.

Yes, we did actually solve this issue as a happy side-effect of moving to account-wide grants.

I’ll close [FRGE-1319] - Ecosystem Jira

takafumiohtake · April 10, 2024, 4:20am

Hi @AdamMoore

Thank you for your confirmation.
It’s a great side effect.

We’ll introduce JSM support to our app.