I’ve got a user using our application (https://sunsama.com). All requests for projects, tasks, or anything always return a 403 Forbidden.
My current hypothesis is that their workspace admin has disabled third-party access to Asana’s API as part of these features in the Admin Console, but the OAuth flow still goes through.
Questions:
What are the implications on response errors when the various admin settings are enabled?
Is there a way to test with an enterprise account or get one comped by Asana for application development?
Is there a way to know when an OAuth token is granted but it’s not going to actually work due to admin level settings?
What are the implications on response errors when the various admin settings are enabled?
You’ve seen them! If an external app is blocked by the admin controls, you’ll get 403s, as you’ve seen.
Is there a way to test with an enterprise account or get one comped by Asana for application development?
That’s a question for the Asana developer relations folks. @sasha_f @John_Vu
Is there a way to know when an OAuth token is granted but it’s not going to actually work due to admin level settings?
No, because those are currently dealing with two separate access concepts. OAuth is at the user account level - that is, when an Asana user grants OAuth access to an external app, they are granting access to all organizations/workspaces that user has access to.
In contrast, the admin access settings are done at the organization/workspace level.
In other words, a user with two orgs in their account could grant OAuth access to your app. Maybe you have access to one of them, but the other one is blocked by admin controls.
Hi @Ashutosh_Priyadarshy, you may request a developer sandbox and request an enterprise tier sandbox in order to play around with the enterprise control features.
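The per-workspace behaviour described in the answer above can be checked right after the OAuth grant. The sketch below is an added example, not part of the original thread and not Sunsama's or Asana's code. It assumes the token can still list workspaces through `GET /workspaces` and uses one `GET /projects?workspace=<gid>` call per workspace as the probe; the `probe_workspaces` and `fake_get` names and the sample responses are constructed for illustration.

```python
import json
from urllib import request, error

API = "https://app.asana.com/api/1.0"

def http_get(url, token):
    """Return (status, parsed JSON body) for one authenticated GET."""
    req = request.Request(url, headers={"Authorization": f"Bearer {token}"})
    try:
        with request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except error.HTTPError as exc:
        return exc.code, {}

def probe_workspaces(token, get=http_get):
    """Map each workspace gid to 'ok', 'forbidden' or 'error:<status>'."""
    status, body = get(f"{API}/workspaces", token)
    if status == 401:
        # The token itself is bad; this is not the admin-control case.
        raise PermissionError("token rejected (401): repeat the OAuth flow")
    if status != 200:
        raise RuntimeError(f"could not list workspaces: HTTP {status}")
    result = {}
    for ws in body.get("data", []):
        status, _ = get(f"{API}/projects?workspace={ws['gid']}&limit=1", token)
        if status == 200:
            result[ws["gid"]] = "ok"
        elif status == 403:
            # Valid token, but this workspace refuses the app. The response
            # alone does not prove the cause is an admin setting.
            result[ws["gid"]] = "forbidden"
        else:
            result[ws["gid"]] = f"error:{status}"
    return result

# Constructed responses: one open workspace, one that returns 403.
SAMPLE = {
    f"{API}/workspaces": (200, {"data": [{"gid": "111"}, {"gid": "222"}]}),
    f"{API}/projects?workspace=111&limit=1": (200, {"data": []}),
    f"{API}/projects?workspace=222&limit=1": (403, {}),
}

def fake_get(url, token):
    """Offline stand-in for http_get that serves the constructed responses."""
    return SAMPLE.get(url, (404, {}))

if __name__ == "__main__":
    print(probe_workspaces("constructed-token", get=fake_get))
```

Running the probe once after authorization lets the app tell the user which workspaces it cannot reach, rather than surfacing a 403 on every later request.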