How to configure options for a rotating refresh token?

DevelopersDashworks · June 16, 2023, 6:48pm

Hi,
We are building apps for Jira and Confluence which use OAuth2.0 for authentication. I came across a documentation which summarizes 3 different configurations available for rotating refresh tokens.
All of these refer to the Auth0 documentations which explain how we need to go to Auth0 dashboard to be able to configure rotating refresh tokens, but we don’t use Auth0 or have an account/dashboard for that matter. How can we change the refresh configuration to support the 10 minutes “Reuse interval or leeway” rotation as mentioned in the link?

We also tried this approach: Superseded: 31 January 2022 - Action required - Deprecating persistent refresh tokens
It suggests the following:

Select your integration in the developer console.
Select Authorization .
Select Use rotating refresh tokens from the refresh token options.
Save your changes.
but Authorization doesn’t seem to have any rotating refresh tokens options available, perhaps the blog is outdated.

Can someone please guide us on the right way to go about this?

ibuchanan · June 16, 2023, 9:59pm

Welcome to the Atlassian developer community @DevelopersDashworks,

Thanks for pointing out the problems in the docs. I think the blog does have the answer you need:

In short, if you create a new OAuth 2.0 client with Atlassian, it will have rotating (not persistent) refresh tokens.

AndrewMackler · December 5, 2024, 3:45pm

I don’t think your response addressed the specific question about editing the configuration settings:

All of these refer to the Auth0 documentations which explain how we need to go to Auth0 dashboard to be able to configure rotating refresh tokens, but we don’t use Auth0 or have an account/dashboard for that matter. How can we change the refresh configuration to support the 10 minutes “Reuse interval or leeway” rotation as mentioned in the link?