Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to use Oauth 2.0 refresh token, avoiding CORS errors

Simon Brandwood
Simon Brandwood
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
September 18, 2020

I'm attempting to add Jira Cloud access into a web app I'm developing. I (now!) understand the CORS issues with doing this using the rest API. So I've got Oauth 2.0 authentication setup and can happily make access requests, but only for the 3600 seconds of the "expires_in" field. I (now!) understand the idea behind using a refresh token to generate a new access token but this is where I've become stuck.

I can use a refresh token using curl and generate a new access token but only if using curl, when I try from my web app I get the dreaded CORS error:


Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://auth.atlassian.com/oauth/token. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)

So my question is how do I (can I even?) use a refresh token to generate a new access token and avoid a CORS error? I have to use the https://api.atlassian.com/ex/jira/{cloudid}/{api} address when making api calls using oauth. Do I have to use an equivalent address to get a token?

 

Many thanks in advance.

Answer
Watch
Like Be the first to like this
1513 views

1 answer

0 votes
DPKJ
DPKJ
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 20, 2020

@Simon Brandwood Welcome to the Atlassian Community!

I can't provide you with straight away answer (as I develop mostly on Atlassian platform and not on side) to solve this problem but for issues like I prefer Developer community myself.

A similar discussion is going on there - https://community.developer.atlassian.com/t/oauth-2-3l-wont-work-with-local-apps-cors-issue-for-authenticated-apps/24341/8

I hope this helps and give you some meaningful insight.

View More Comments
Simon Brandwood
Simon Brandwood
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
September 20, 2020

Thanks for the reply. Yes you're right, I'll consider the developer community in future.

I'm not sure the discussion answers my specific question, however, if it helps anyone else, I got around the problem by re-thinking my design (for the better I think). I've abstracted away the Jira integration from my application into a GCP Cloud function where CORS is no longer an issue. Working Jira integration and a cleaner application - win-win!

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
TAGS
AUG Leaders

Atlassian Community Events

    See all events