Hello, we use OAuth2 to link our application to Jira Server/Data Center. Some users of our customer sometimes get an exception when getting the refresh token (invalid refresh token). There are some exceptions in the log:
2023-09-24 17:43:56,541+0200 Caesium-1-4 INFO ServiceRunner [c.a.r.internal.configuration.ConfigurationLoggerJob] Periodic rate limiting configuration log. System rate limiting settings: [SystemRateLimitingSettings(mode=OFF, bucketSettings=TokenBucketSettings(capacity=50, fillRate=10, intervalFrequency=1, intervalTimeUnit=Seconds), jobControlSettings=SystemJobControlSettings(reportingDbArchivingJobFrequencyDuration=PT1M10S, reportingDbRetentionPeriodDuration=PT24H, bucketCollectionJobFrequencyDuration=PT5M, bucketCleanupJobFrequencyDuration=PT15M, settingsReloadJobFrequencyDuration=PT1M))]
Line 2701: at com.atlassian.jira.security.xsrf.XsrfTokenAdditionRequestFilter.doFilter(XsrfTokenAdditionRequestFilter.java:46)
Line 2735: at com.atlassian.pats.web.filter.TokenBasedAuthenticationFilter.doFilter(TokenBasedAuthenticationFilter.java:82)
Line 2739: at com.atlassian.oauth2.provider.core.web.AccessTokenFilter.doFilter(AccessTokenFilter.java:81)
Line 3023: at com.atlassian.jira.security.xsrf.XsrfTokenAdditionRequestFilter.doFilter(XsrfTokenAdditionRequestFilter.java:46)
Line 3057: at com.atlassian.pats.web.filter.TokenBasedAuthenticationFilter.doFilter(TokenBasedAuthenticationFilter.java:82)
Line 3061: at com.atlassian.oauth2.provider.core.web.AccessTokenFilter.doFilter(AccessTokenFilter.java:81)
In our case, the user's Atlassian account password has not been changed, and the refresh token sent was valid and had not expired as described in the OAuth 2.0 apps documentation (e.g. the 90-day inactivity expiry time).
We use the google-oauth-client library for OAuth 2.0 authorization, and here is our code:
import com.google.api.client.auth.oauth2.RefreshTokenRequest;
import com.google.api.client.auth.oauth2.TokenResponseException;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import java.io.IOException;

// oauthApplicationInstance, oauthUserTokens, CustomTokenResponse (a TokenResponse subclass),
// initializeOauthAccessToken(...) and LOG are our own classes/fields; the return type is ours too.
private OauthAccessToken refreshAccessToken() throws IOException {
    // Build the refresh_token grant: POST to the Jira token URL with client_id (and client_secret if set).
    RefreshTokenRequest refreshTokenRequest = new RefreshTokenRequest(new NetHttpTransport(),
            new JacksonFactory(),
            new GenericUrl(oauthApplicationInstance.getTokenUrl()),
            oauthUserTokens.getRefreshToken())
            .set("client_id", oauthApplicationInstance.getClientId());
    if (oauthApplicationInstance.getClientSecret() != null) {
        refreshTokenRequest.set("client_secret", oauthApplicationInstance.getClientSecret());
    }
    if (oauthApplicationInstance.getResource() != null) {
        refreshTokenRequest.set("resource", oauthApplicationInstance.getResource());
    }
    // Make sure that we ask for a JSON response.
    refreshTokenRequest.setRequestInitializer(httpRequest -> httpRequest.getHeaders().setAccept("application/json"));
    LOG.debug("Sending access token request.");
    try {
        // executeUnparsed() only returns for 2xx responses; a 4xx such as 400 invalid_grant is thrown
        // as TokenResponseException, so the "error" check below only covers a 2xx body carrying an error.
        CustomTokenResponse tokenResponse = refreshTokenRequest.executeUnparsed().parseAs(CustomTokenResponse.class);
        if (tokenResponse.get("error") != null) {
            LOG.error("Error in token response: {}", tokenResponse.get("error"));
            LOG.error("Details: {}", tokenResponse.toPrettyString());
            return null;
        }
        return initializeOauthAccessToken(tokenResponse);
    } catch (TokenResponseException e) {
        // Non-2xx answer from the token endpoint (this is where "invalid refresh token" surfaces).
        LOG.error("Token endpoint returned HTTP {}: {}", e.getStatusCode(),
                e.getDetails() != null ? e.getDetails().toPrettyString() : e.getContent());
        return null;
    }
}
NB: Our customer uses rate limiting and clustering for their Jira Data Center.
Any ideas/answers that can help us are greatly appreciated.
Best,
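Added example, not part of the original post and not Atlassian's or google-oauth-client's code: a minimal local OAuth 2.0 token endpoint that treats refresh tokens as single use (rotating them on every refresh_token grant, as RFC 6749 permits and the OAuth 2.0 Security BCP recommends), plus a client that sends the same form-encoded request that RefreshTokenRequest builds. It is written in Python so it runs offline with nothing but the standard library. The client id, secret, seed refresh token and endpoint path are constructed values; whether a given Jira Data Center instance rotates refresh tokens is something to confirm in its documentation, not something this example asserts. The point it demonstrates is the failure mode to check for in a clustered, rate-limited setup: if the server rotates tokens, a second node refreshing with a stale stored token, or a retry after a timed-out or rate-limited response that the server had already processed, gets invalid_grant even though the token in the client's database "has not expired".

```python
"""Refresh-token rotation demo: one rotating token endpoint, one client, one replay."""
import json
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.parse import parse_qs, urlencode
from urllib.request import Request, urlopen

# Constructed sample values (assumptions, not real credentials or a real Jira path).
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
SEED_REFRESH_TOKEN = "rt-initial-0001"       # stands in for the token persisted by the client
TOKEN_PATH = "/rest/oauth2/latest/token"     # illustrative; use the token URL from your Jira config


class TokenStore:
    """Server-side state: the set of refresh tokens that are currently valid (single use)."""

    def __init__(self, seed):
        self.valid = {seed}
        self.lock = threading.Lock()

    def rotate(self, presented):
        """Consume the presented token and issue a replacement; None if it is unknown or already used."""
        with self.lock:
            if presented not in self.valid:
                return None
            self.valid.discard(presented)
            new_token = "rt-" + secrets.token_hex(8)
            self.valid.add(new_token)
            return new_token


STORE = TokenStore(SEED_REFRESH_TOKEN)


class TokenEndpoint(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo quiet
        pass

    def _send(self, status, body):
        payload = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.send_header("Cache-Control", "no-store")
        self.end_headers()
        self.wfile.write(payload)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = parse_qs(self.rfile.read(length).decode())
        if form.get("grant_type") != ["refresh_token"]:
            return self._send(400, {"error": "unsupported_grant_type"})
        if form.get("client_id") != [CLIENT_ID] or form.get("client_secret") != [CLIENT_SECRET]:
            return self._send(401, {"error": "invalid_client"})
        new_refresh = STORE.rotate(form.get("refresh_token", [""])[0])
        if new_refresh is None:
            # RFC 6749 section 5.2: an invalid, expired, revoked or already-used refresh token is invalid_grant.
            return self._send(400, {"error": "invalid_grant",
                                    "error_description": "refresh token is invalid or already used"})
        self._send(200, {"access_token": "at-" + secrets.token_hex(8), "token_type": "bearer",
                         "expires_in": 3600, "refresh_token": new_refresh})


def start_server():
    """Start the endpoint on an ephemeral port with fresh state; returns (server, token_url)."""
    global STORE
    STORE = TokenStore(SEED_REFRESH_TOKEN)
    server = HTTPServer(("127.0.0.1", 0), TokenEndpoint)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}{TOKEN_PATH}"


def refresh(token_url, refresh_token):
    """Client side: the request RefreshTokenRequest sends. Returns (status, parsed JSON body).
    Like executeUnparsed(), a non-2xx answer is surfaced rather than silently treated as success."""
    data = urlencode({"grant_type": "refresh_token", "refresh_token": refresh_token,
                      "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET}).encode()
    req = Request(token_url, data=data, method="POST",
                  headers={"Accept": "application/json",
                           "Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urlopen(req) as resp:
            return resp.status, json.load(resp)
    except HTTPError as err:
        return err.code, json.load(err)


def demo():
    """Refresh once, replay the old token (stale node or retry), then use the rotated token."""
    server, url = start_server()
    try:
        first = refresh(url, SEED_REFRESH_TOKEN)            # normal refresh: token rotates
        replay = refresh(url, SEED_REFRESH_TOKEN)           # same stored token again: invalid_grant
        second = refresh(url, first[1]["refresh_token"])    # the persisted new token still works
    finally:
        server.shutdown()
    return {"first": first, "replay": replay, "second": second}


if __name__ == "__main__":
    for name, (status, body) in demo().items():
        print(name, status, body.get("error", "ok"))
```

The practical checks this suggests for the setup in the post: persist the refresh_token from every successful response before using the new access token, serialize refreshes per user across cluster nodes (a row lock or a distributed lock keyed on the token owner), and on a timeout or 429 from the token endpoint do not blindly retry with the same refresh token, since the server may already have rotated it. Comparing the Jira access log for the two "invalid refresh token" requests with the timestamps of the previous successful refresh for the same user will show whether this race is what the customer is hitting.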