Where do I Initially obtain a refresh token for Jira?

I’ve added offline_access to my scopes for the '/authorize' endpoint but then the documentation says to pass a refresh token to '/oauth/token' but don’t I get the refresh token from this endpoint? I’ve added

"grant_type": "refresh_token"
to my request but it says it’s missing the refresh_token, but that’s what I’m trying to get from this endpoint in the first place… the documentation here is very in-explicit. Where do I get the refresh_token initially?

@GideonDanielFelt On your initial auth URL request (the one that initiates the 3LO dance), you need to add offline_access to the scope query parameter.

Example: https://auth.atlassian.com/authorize?audience=api.atlassian.com&client_id=your_client_id&scope=offline_access%20read%3Ajira-user&redirect_uri=https%3A%2F%2Fyour-redirect-url&state=${YOUR_USER_BOUND_VALUE}&response_type=code&prompt=consent

This will return the auth code and state parameters to your redirect URL. When you exchange that auth code on the call to https://auth.atlassian.com/oauth/token, in addition to receiving the access token, you’ll also get a refresh_token.

1 Like

I passed “grant_type”: “access_token”
instead of “grant_type”: “authorization_code”
its working now.

1 Like