Request for update on absolute OAuth token lifetime

@atlassian @Nir and the OAuth team: May I ask for a follow-up on the absolute OAuth token lifetime that was announced about nine months ago? I would like to know if there has been any progress on eliminating this limitation.

Context

About nine months ago, Atlassian changed its OAuth implementation from persistent refresh tokens to rotating refresh tokens. As part of that change, an absolute lifetime for OAuth tokens was introduced, which would mean all customer OAuth tokens would break after one year.

Unfortunately, at that stage, we could not get any guarantees from Atlassian that they would fix this problem, and we were told the work would take around nine months:

1 Like

Hi @tbinna,

@Nir has moved to a new role/team so I’m trying to find the right person to follow this up.

Regards,
Dugald

1 Like

Hi @tbinna,
Atlassian is currently migrating all the auth clients to the native OAuth provider. With the native implementation, as long as the clients are rotating the refresh token, they won’t have to worry about absolute lifetime. The migration is ongoing and will be finished in 2 weeks’ time.

2 Likes