Thanks again for your quick response.
I am actually doing:
if (response.refresh_token)
user.refreshToken = response.refresh_token
This handles missing, null and empty refresh_token. But it is not helping.
Despite a single env. app I do have concurrent token refreshes. A user can place a number of my macros on a Confluence page. If she/he opens the page, I am receiving number of concurrent requests that I have to handle in parallel. But, as I believe(d), with the allowed reuse interval set to 10 minutes, and the if statement above this should not be a problem. All these concurrent requests are handled in less than 2 seconds.
What I can do is to save not only the newly received refresh_token but also the response timestamp. Then, I should only overwrite the refresh token if it was delivered later than the one I have in DB.
I was also trying to go back to the permanent refresh token in the OAuth app settings. It was successful in my dev app. Production app throws a very useful “Something went wrong” error message while trying to save this setting.
Anyhow, seems that the root cause is here:
And before they fix that we will continue to have problems at least once per month.