What would be best practice around re-issuing user’s access token?

Jira Development

brikme September 18, 2018, 12:57pm #1

My web app automatically checks for the new modification or new issues with the jira after certain interval(each 25 minutes).

Now, Access token gets expired within an hour.

So What would be best practice around re-issuing user’s access token?

Should I continuously make call to get the access token using a cron job? Or
I get new access token right before checking for each modifications ?

Thank you.

tobitheo September 18, 2018, 11:57pm #2

in the atlassian-connect-express library, Atlassian …

caches access tokens together with their expiry time (which you can get from the JWT or the HTTP headers I think)
Upon sending a request, they check if the previous access token expired.
- If it did, then they fetch a new one and put it in the cache,
- otherwise they use the old token for the request.

See https://bitbucket.org/atlassian/atlassian-connect-express/src/f434e5a9379a41213acf53b9c2689ce5eec55e21/lib/internal/oauth2.js#lines-121 .

I remember the Stride Node.js Client Library did the same. I would infer from that, that this is the way to go.

Hope this helps!
Cheers,
Tobi

1 Like

brikme September 18, 2018, 11:57pm #3

Thank you. that’s really what I was looking for.

Have a good day.