Last updated Nov 30, 2024

Adopt Forge from Connect on AGC

On This Page

    Only Forge apps can be installed on AGC sites. As such, to support customers in AGC, existing Connect apps need to adopt Forge.

    This page describes the AGC-specific changes you need to apply to a Connect app that is currently being adopted to Forge. See How to adopt Forge from Connect for detailed information about converting a Connect app to Forge.

    AGC URLs

    An AGC app should be configured to use the appropriate federal URLs of Atlassian services.

    Connect app installation key server

    When your app is installed in an AGC tenant, the initial app installation call will be signed with a private key from the key server, for example: https://connect-install-keys.atlassian-us-gov-mod.com. You'll need to use this key server to verify that the installation is correctly signed. Alternatively, you can also use https://asap-distribution.us-west-2.prod.atl-auth-us-gov-mod.net for this purpose.

    Connect app impersonation token

    If your app has the ACT_AS_USER scope and you wish to allocate an impersonation authorization token to it, your app will need to request that token from https://oauth-2-authorization-server.services.atlassian-us-gov-mod.com.

    Atlassian Connect JavaScript client library

    Your app's front end will need to load the Atlassian Connect JavaScript client library from a dedicated CDN at https://connect-alljs-cdn-bifrost.frontend.cdn.atlassian-us-gov-mod.com/assets/all.js.

    Security Policy

    Your app must enable the Content Security Policy header. To do this, include https://*.cdn.atlassian-us-gov-mod.com as a trusted source for script-src and style-src. This will allow your Connect app to load the required resources from the Connect CDN.

    Connect framework

    Update to the latest Connect app framework, as it allows your app to support AGC with minimal effort.

    Apps using these frameworks recognise federal tenants based on its baseURL, which follows the pattern *.atlassian-us-gov-mod.net. These frameworks will use the appropriate federal instances of our services automatically.

    If you're using your own approach to building your app, you'll need to use a similar strategy to that used by these frameworks. You can inspect the code for these frameworks to determine the change appropriate to your build. If you currently block install attempts for tenant baseURLs outside of a small acceptable set, you'll need to add the new AGC tenant pattern to that set.

    Rate this page: