Superseded: 31 January 2022 - Action required - Deprecating persistent refresh tokens

I agree with @tbinna in that there have been a number of new announcements and back and forth over some unclear implementation details throughout this comment section that are very worrying to our team. Due to this, coupled with the fact that things are still being actively worked on by the Atlassian team a week out, I think taking a step back to analyze vendor impact and summarizing all that has been discussed in a new change notice would be greatly beneficial and reduce the risk of negatively impacting vendor customer experience and possibly breaking applications. Possibly even waiting until the new OAuth migration is finished.

In regard to the newly announced Absolute lifetime, we have a similar use case to @adam.markham in that a user authorizes and then sets up long-running automations that they don’t give further input on once they are set up and running. Those automations are then used and relied on by a wide number of other users, and our app has been built assuming a user will never need to re-auth. Imposing a new absolute lifetime would be a massive blocker for us in trying to facilitate re-auth and communicating this to customers. I understand that it is a limitation of Auth0, but it is also a newly imposed restriction that we have never had to consider until now.

It sounds like the OAuth migration may get done within 9 months, but if it doesn’t and extends past the first 1-year Absolute lifetime period, then we are going to be faced with a huge negative impact on customer experience that we will need to figure out how to mitigate.

5 Likes