Expiry of refresh token - Jira Cloud oAuth2 3LO grants

I’m also seeing this issue. I switched my app to use the rotating refresh tokens as recommended, and my app stores the new refresh token when receiving a new access token.

My app syncs with JIRA twice a day. What I notice is that it works for a period of time (a week to a month), and suddenly it doesn’t, and the user has to reconnect the app with JIRA.

@alonsabi I am seeing the same behavior. See this post

It appears that the expiry does not apply to the individual refresh token, but the chain of tokens generated after the user initiates the OAuth2 flow. I see a repeatable pattern of the rotations working for exactly 30 days, followed by a 403.

Still waiting on a response from Atlassian… We may have to fall back on OAuth1, since it is pretty unreasonable to ask app users to periodically re-auth.

I can see @alonsabi @KevinGreenan @ArtiomVasiliev @anon12976859 @HossamAhemd @DanielSadilek that you are experiencing problems similar to the one described in my latest thread:

I haven’t found a solution yet, but I am digging into @tbinna’s idea. He suggested that the problem actually starts one token refresh request earlier, when the response from auth.atlassian.com is missing the refresh_token property.

The latest official info I was able to find was in this massive thread:

If I understand @Nir’s statement, this is actually a bug that makes all the refresh tokens invalid after 30 days regardless of whether they are used/rotated or not.

Sadly, the above does not explain the missing refresh_token property in some of the responses.

Is this going to be fixed any time soon?

Hi, I have the same problem. Have you found the solution?

Did you find the way?

Have you found the solution?

I got the same error. Please give me a solution if you found one.

[18:20] Jenil Kukadiya

Issue with Jira API integration: Updating Refresh Token after Periods of Inactivity

In my code, I’ve integrated with the Jira site using the API https://auth.atlassian.com/oauth/token. The logic in my code aims to update the refresh token after 15 days of token inactivity and store this new refresh token for subsequent use. However, I’ve encountered an issue where, after a certain period of inactivity, my application disconnects from the Jira site. Could you please assist me in identifying the potential issues within my code that might be causing this disconnection?

I’m experiencing a similar issue. I am receiving this error message:

Invalid Refresh token

There is some explanation of the possible cause of the issue on this page https://developer.atlassian.com/cloud/jira/software/oauth-2-3lo-apps/#faq1 but this does not help either.

Do we have any updates with this?

We have logs of exchanging refresh tokens. One thing I noticed is that I’m getting old refresh tokens, which are exchanged for a new refresh token again. Can any dev look into this, as this is causing frequent invalidation of the tokens? @nmansilla
Attached is an image of the logs I’m examining.
The refresh token that I received was already exchanged earlier.
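
An added example, not taken from any post in this thread or from Atlassian: a client-side store for one grant's rotating refresh token that records the two conditions reported above, a token response without `refresh_token` and a response carrying a refresh token that was already exchanged. `RotatingTokenStore`, `fingerprint`, the event names and the sample responses in `demo()` are constructed for illustration; the injected `exchange` callable stands in for the POST to https://auth.atlassian.com/oauth/token, and keeping the old token when none is returned is an assumption based on standard OAuth 2.0 behaviour.

```python
import hashlib
import threading


def fingerprint(token):
    """SHA-256 prefix: lets logs correlate tokens without storing them."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


class RotatingTokenStore:
    """Tracks one grant's refresh-token chain; exchange() is injected."""

    def __init__(self, refresh_token, exchange):
        self._lock = threading.Lock()   # serialize refreshes for this grant
        self._current = refresh_token
        self._spent = set()             # fingerprints already exchanged
        self._exchange = exchange       # callable(refresh_token) -> dict
        self.events = []                # audit trail of (event, fingerprint)

    def refresh(self):
        with self._lock:
            old = self._current
            resp = self._exchange(old)
            new = resp.get("refresh_token")
            if new is None or new == old:
                # No new refresh_token issued: keep the old one (assumption).
                self.events.append(("no_rotation", fingerprint(old)))
            else:
                self._spent.add(fingerprint(old))
                if fingerprint(new) in self._spent:
                    # Server handed back a token this client already exchanged.
                    self.events.append(("stale_token", fingerprint(new)))
                else:
                    self.events.append(("rotated", fingerprint(new)))
                # A real app writes the new token to durable storage here,
                # before the access token is used.
                self._current = new
            return resp["access_token"]


def demo():
    """Constructed responses: rotate, omit refresh_token, return a stale one."""
    replies = iter([
        {"access_token": "a1", "refresh_token": "r1"},
        {"access_token": "a2"},
        {"access_token": "a3", "refresh_token": "r0"},
    ])
    sent = []
    store = RotatingTokenStore("r0", lambda t: sent.append(t) or next(replies))
    for _ in range(3):
        store.refresh()
    return sent, [name for name, _ in store.events]
```

The fingerprints in `events` can be written to application logs so a chain of exchanges can be reconstructed later without the tokens themselves appearing in the log.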