I have completed the OAuth 2 integration and tested that everything works, but I now need to add Refresh Tokens to the authorization flow, so that I can issue queries beyond the short-lived access token.
However, I do not see how to add ‘offline_access’ as a scope parameter. When I go to the Authorization tab, the only field that is modifiable is the Callback URL.
When I go to the Permissions tab, I do not see that scope option amongst any of the API scopes that I can adjust.
I do vaguely recall seeing it on setup, but it seems weird if I need to delete my app in order to add the scope.
Welcome to the Atlassian developer community @ToddAnderson,
The scopes are managed in 2 “layers”. There is the total set of scopes your app can use. While the UI might be confusing at first, I assure you they are mutable without having to delete/recreate an app. Fortunately, offline_access is a “free” scope, meaning every app can use it.
The 2nd layer is what your client asks for in the authorization flow. Specifically, when your client constructs the authorization request URL (on https://auth.atlassian.com/authorize), one of the parameters is scope with a space delimited set of scopes. If your client asked for more scopes than you configured in the app, you would have a problem. But, since offline_access is free, just add it to that parameter, and you should start getting refresh tokens.
Thanks! Got it to work.
Since the Authorization page auto-generates the http request for you, it didn’t occur to me that you could have a different request than what’s on the portal.
1 Like