Unable to get refresh token while Implementing OAuth 2.0

In OAuth 2.0, if my access token expires, I don’t have a refresh token to get a new access token.
In Step 2:

curl --request POST \
  --url 'https://auth.atlassian.com/oauth/token' \
  --header 'Content-Type: application/json' \
  --data '{"grant_type": "authorization_code","client_id": "YOUR_CLIENT_ID","client_secret": "YOUR_CLIENT_SECRET","code": "YOUR_AUTHORIZATION_CODE","redirect_uri": "https://YOUR_APP_CALLBACK_URL"}'

Requirement
I want to integrate the Jira Service Desk REST APIs with my chat bot application. To do so I enabled OAuth 2.0, and I am able to make GET and POST calls. However, the access token I receive is a bearer token and expires in an hour.

Problem
According to the documentation (OAuth 2.0), there are 2 ways to get a new access token when it expires, but initiating the entire authorization flow from the beginning again does not make any sense to me.

But to follow Step 2 I don’t have any refresh token. Kindly help me.


Hi @ToniyaSundaram,

A refresh token can be returned with the access token in your initial authorization flow. To do this, add the offline_access scope to the scope parameter of the authorization URL.

You can find out more about this topic in one of our FAQs: How do I get a new access token, if my access token expires or is revoked?

Thanks

Could you give a bit more detail about the scope?

The doc says that “Only choose from the scopes that you have already added to the APIs for your app in app management” but I can’t find any service with offline_access.

Thanks!

Hi Team,

Any update on this? I am also facing the same issue even after adding the offline_access scope to the authorization URL.

URL-decoded sample URL

Log in with Atlassian account read:jira-user read:jira-work manage:jira-webhook&redirect_uri=${REDIRECT_URI}&state=${STATE_VALUE}&response_type=code&prompt=consent

Response token

{
  access_token: 'token',
  scope: 'manage:jira-webhook read:jira-work',
  expires_in: 3600,
  token_type: 'Bearer'
}

with no refresh token

I’m having the same issue. Any luck?

@HemanthKodandarama and @ThomasBing,

How odd. For refresh token, you should get offline_access back when you ask for it. In @HemanthKodandarama’s diagnostics, I can see the response doesn’t have that. Could you maybe remove access for your connected app and retry the authorization flow?

Still not working for me. I get just the code and the state back.

My decoded URL is also “scope=offline_access read:…” with the space (%20) splitting each scope.

@ThomasBing,

What happens when you exchange the code for an access token? Do you get the same response as Hemanth above?

I’m not sure what I changed to fix this but it’s working now :smiley: Thanks for the speedy response though! After revoking the token the first time (with the link you sent) I still had the same issue - but second time round it worked! I must’ve done something silly after the first attempt. Thanks again!

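Added example, not part of any post in this thread and not Atlassian's code: a Python sketch that builds the authorization URL with offline_access, checks why a token response came back without a refresh_token, and prepares the refresh grant. The /authorize endpoint, the audience parameter, the function names and the sample values are assumptions not shown in the thread.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://auth.atlassian.com/authorize"  # assumption: not shown in the thread
TOKEN_URL = "https://auth.atlassian.com/oauth/token"    # from the curl call in the question


def build_authorize_url(client_id, redirect_uri, scopes, state=None):
    """Build the consent URL, always requesting offline_access."""
    wanted = list(dict.fromkeys(["offline_access", *scopes]))  # dedupe, keep order
    query = {
        "audience": "api.atlassian.com",  # assumption: not shown in the thread
        "client_id": client_id,
        "scope": " ".join(wanted),        # scopes are space-separated
        "redirect_uri": redirect_uri,
        # Unguessable state; store it with the user's session and compare on callback.
        "state": state or secrets.token_urlsafe(24),
        "response_type": "code",
        "prompt": "consent",
    }
    return AUTHORIZE_URL + "?" + urlencode(query)


def requested_scopes(authorize_url):
    """Return the scopes an authorization URL actually asks for."""
    params = parse_qs(urlparse(authorize_url).query)
    return params.get("scope", [""])[0].split()


def diagnose(authorize_url, token_response):
    """Say why a token response has no refresh_token, if it has none."""
    if "refresh_token" in token_response:
        return "ok"
    if "offline_access" not in requested_scopes(authorize_url):
        return "offline_access missing from the authorization URL"
    if "offline_access" not in token_response.get("scope", "").split():
        return "offline_access requested but not granted: revoke the app's access and re-consent"
    return "offline_access granted but no refresh_token returned"


def refresh_request(client_id, client_secret, refresh_token):
    """Fields to send as JSON to TOKEN_URL once the access token has expired."""
    return {
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,  # load from a secret store, never hard-code
        "refresh_token": refresh_token,
    }
```

Treat the refresh token as a long-lived credential: store it encrypted server-side and keep it out of logs and client-side code.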