Deprecation notice - OAuth 2.0 endpoint for auth.atlassian.io URL is changing

The Atlassian OAuth 2.0 authorization service that is currently available at auth.atlassian.io is moving to a different URL, oauth-2-authorization-server.services.atlassian.com . Atlassian is consolidating all of our public services under this naming scheme.

What is auth.atlassian.io used for?

The service endpoint is used by Connect apps for requesting access tokens, which are used for user impersonation (making API calls from your backend on behalf of a user). For example, if your app uses the atlassian-oauth2 JavaScript library to exchange a JWT token for a bearer/access token, it is calling this endpoint.

What changes do I need to make and by when?

You need to update all references of the legacy hostname auth.atlassian.io to the new hostname oauth-2-authorization-server.services.atlassian.com.

The new hostname is already in service, and you can transition your apps immediately. If you’re using the library atlassian-oauth2 in Node.js, ensure that you’re on version 0.4.2 or later. Likewise, if you’re using atlassian-connect-spring-boot in Java, check that you’re using version 2.0.4 or later.

The legacy hostname will remain functional until 1st January 2021. The deprecation period will not be extended.

Questions?

If you have questions or need some help, reply here or reach out on the Developer Community forums.

1 Like

@cmacneill does this also affect OAuth 2.0 (3LO) or just the impersonation flow for connect apps?

We are currently using https://auth.atlassian.com/authorize and https://auth.atlassian.com/oauth/token for the 3LO flows.

Is Atlassian Connect Express (ACE) going to be updated to support this change?

6 Likes

does this also affect OAuth 2.0 (3LO

@tbinna, this does not affect 3LO endpoints.

1 Like

Hm, looks like it does not need to be updated, it has “atlassian-oauth2”: “^0.4.1” dependency, so npm should take 0.4.2, but it does not.

Yes, we will publish an updated ACE this week

2 Likes

We have published ACE 4.1.0, which will use the new URL for the oauth-2-authorization-server

It rolls up a few changes including a number of contributions from the vendor community. Thank you for helping us to improve the framework.

I will post a full announcement for this release.

3 Likes