All customers got "invalid refresh token" 30 days after enabling rotating refresh tokens?

Hi all, we noticed an issue last night where we suddenly got a flood of errors from all our customers with Jira integrations installed. This was the error:

{“error”:“invalid_grant”,“error_description”:“Unknown or invalid refresh token.”}

We had enabled rotating refresh tokens almost exactly 30 days ago (Nov 30), since that was the old deprecation date. It had been working well up to this, we’d create a new token pair and swap out the old refresh token with the new one and save. This seemed like it was caused by something else, like an absolute lifetime of the refresh token?

Let me know if anyone has any insight. Had to reach out to 40 customers asking them to re-authenticate their apps today, doesn’t make for a good customer experience to have to do this regularly.


Hi @gabriel1 ,

I believe you already got the in another thread (below). I am just pasting the link in here so that other users might be able to find the answer too: