Hello!
Asana’s API authorization framework will be changing later this year, and your app may be affected.
When a user authorizes an app today, they grant access to all of their workspaces. Later this year, Asana users who are members of multiple workspaces will be required to select a workspace when they authorize OAuth apps. This means it will be possible for Asana users to authorize an app in only a subset of their workspaces. We are introducing these controls so our customers can be more intentional about where they authorize an app.
We’ve created an FAQ page with more detail about this change. This page should help you learn how your app might be affected and what to do about it. If you have an active OAuth app, please take a look!
Here is a quick summary of the change:
- User authorizations will now be scoped to a single workspace by default.
- Existing OAuth tokens will retain the exact same API access they currently have.
- If you take no action, existing tokens will continue to work.
- Going forward, if a user chooses to authorize your app in multiple workspaces, we will add new authorizations to the existing OAuth token. One user token can continue to have multiple workspace authorizations, but we will not grant authorization to all of a user’s workspaces by default.
- If a user wants to authorize additional workspaces, they will need to do so by revisiting the OAuth consent flow.
- This change will be rolling out in late summer 2023. We will give more explicit timeline guidance in the coming weeks. This message is to help you understand how your app might be impacted and plan for the coming change.
- Developers will have the option to test this change prior to our launch. More guidance will follow.
Last note, only a minority of our users belong in multiple workspaces. The vast majority of users only have a single workspace and for these users, there will be no change. If your app is only being used by a single workspace, then no change is required.
Thanks for building with Asana!
The API team at Asana