Refresh_token is not returning


I created an App in developer console to integrate my test app via OAuth 2.0.
I configured permissions on ‘Jira platform REST API’ and set Refresh token behaviour as ‘Use rotating refresh tokens’.

Getting authorization code and Exchanging authorization code for access token were successful.
However, when I tried to get refresh token by adding ‘offline_access’ to the scope parameter of the authorization URL, it does not return refresh token, it returns (authorization) code and status. Same response with or without ‘offline_access’. If I test the code with, then it says ‘{“error”:“invalid_grant”,“error_description”:“Unknown or invalid refresh token.”}’

authorization URL:${YOUR_USER_BOUND_VALUE}&response_type=code&prompt=consent

I searched several postings on this community but could not find resolution.

Are there any missing steps in App configurations?
Or are there any pre-requisites on the web page of callback URL to get refresh token?

How can I get the refresh token?
Can you please provide detail steps and samples on how to get refresh token?

Thanks in advance.

Hi @ChanheunJeon ,

To retrieve the first refresh token, the request to perform after the consent screen returned the code is the following where the code is used as YOUR_AUTHORIZATION_CODE:

curl --request POST \
  --url '' \
  --header 'Content-Type: application/json' \
  --data '{"grant_type": "authorization_code",
  "client_id": "YOUR_CLIENT_ID","client_secret": "YOUR_CLIENT_SECRET",
  "code": "YOUR_AUTHORIZATION_CODE", "redirect_uri": "https://YOUR_APP_CALLBACK_URL"}'

This is the format for exchanging an authorization_code for an access token. When the offline_access is requested in the consent request, the request above will return both an access token and a refresh token:

HTTP/1.1 200 OK
Content-Type: application/json

  "access_token": <string>,
  "refresh_token": <string>,
  "scope": <the requests scopes including the offline_access>
  "expires_in": <expiry time of access_token in second>

The refresh_token value can then be used to generate another access token and refresh token in the future with the following request:

  --url '' \
  --header 'Content-Type: application/json' \
  --data '{ "grant_type": "refresh_token", "client_id": "YOUR_CLIENT_ID", "client_secret": "YOUR_CLIENT_SECRET", "refresh_token": "YOUR_REFRESH_TOKEN" }'

Hope this helps,

Thanks Caterina.
Thanks to you, I can resolve this!!

A post was split to a new topic: Refresh token expire after 36000 seconds