Possible to use system token for REST API calls in forge app?

Hi there,

I currently have an OAuth 2.0 app that I created to create issues on behalf of our users. We are trying to also create a flow where we can create the issues on behalf of our application “Tunnel”. I’m aware this flow is not possible in the current implementation of OAuth 2.0 by the Atlassian team, but was made aware that it could be possible in a Forge app.

Our ideal flow would be as similar to the OAuth 2.0 as possible. User clicks link on “Tunnel” site, redirected to Atlassian to log in, sent back to our callback.

I’m struggling to implement this with the Forge app. Right now I am sending users to an installation link, having them click a button in the Admin page of their Jira dashboard, which calls an invokeRemote to our backend. This request gives us a systemUserToken that I’m trying to find the refresh_token for.

Long winded way of asking, how would you implement my desired flow if possible? And if it’s not possible, how should I alter my current implementation to achieve the ability to create Jira issues from our own backend, without interaction from the user every 60 minutes?

Thanks for reading,


Hey Ryan,

Sorry for the slow response. Holidays and all :christmas_tree: :slightly_smiling_face:

Unfortunately what you’re after isn’t quite supported by Forge remote as you’ve found. There is no refresh_token for that systemusertoken. At the moment we only support synchronous use cases where a user is interacting with the (Forge) UI of your app or a product event occurs and you get that short lived access token.

We are designing the next phase where you will be able to request a new access token on demand. But that doesn’t help you right now.

What you could potentially do is create a web trigger that you could call from your remote app to create the issues on behalf of the app. I’m sorry it’s another workaround on top of a workaround but it would work I think :upside_down_face: