I recently added a permission to access the provisioning API for Google Apps Marketplace. New users are able to use the features associated with this permission; however, old users are not being prompted to update their permissions as the documentation specifies:
If an application implements a new feature that needs access to additional data, the developer only needs to define the required additional scopes in the application manifest. The domain administrator of each domain that has previously installed the application will be prompted to grant additional access in the Google Apps Control Panel (http://www.google.com/a/).
Applications that need additional data access will display the prompt "Update data access requirements" in the control panel UI. Domain administrators may then click "View and grant access", where they will be shown the additional scopes that are requested. If access to these scopes is approved, the application may then request access to that data.
Has anyone had experience with this working successfully? Where do old users need to go inside the control panel to add the permission? The app didn't previously have any permissions related to it so I have a hunch that might be related to the problem.
Here's an example of what the app manifest looks like to make sure I'm not missing anything obvious there.
<?xml version="1.0" encoding="UTF-8" ?>
<ApplicationManifest xmlns="http://schemas.google.com/ApplicationManifest/2009">
<Name>App Name</Name>
<Description>App Description</Description>
<!-- Administrators and users will be sent to this URL for application support -->
<Support>
<Link rel="setup" href="http://www.example.com/setup?domain=${DOMAIN_NAME}" />
<Link rel="support" href="http://www.example.com/support" />
<Link rel="terms-of-service" href="https://www.example.com/terms" />
<Link rel="privacy-policy" href="https://www.example.com/privacy" />
</Support>
<!-- Show this link in Google's universal navigation for all users -->
<Extension id="navLink" type="link">
<Name>App Name</Name>
<Url>https://www.example.com/register?domain=${DOMAIN_NAME}</Url>
<Scope ref="userFeed" />
</Extension>
<!-- Declare our OpenID realm so our app is white listed -->
<Extension id="realm" type="openIdRealm">
<Url>https://www.example.com/</Url>
</Extension>
<!-- Sets up permissions to access user feed in provisioning api -->
<Scope id="userFeed">
<Url>https://apps-apis.google.com/a/feeds/user/#readonly</Url>
<Reason>This application will allow you to see who's on your domain.</Reason>
</Scope>
</ApplicationManifest>
It turns out the documentation is just outdated. The messaging doesn't show up anymore on the newer control panel. If you click on the settings for the app, the option shows up to accept the new permissions. Hopefully this will help someone that runs into the issue in the future.