Jira OAuth 2.0 (3LO) access token getting expired within 10 minutes (returns 401 Unauthorized)

gopal guna November 4, 2025

Hi Team,

I’m working on some automation using Jira Cloud REST APIs with OAuth 2.0 (3LO) authentication.
My integration performs various site-level operations like creating issues, updating project settings, issue type schemes, workflows, etc. via Jira REST APIs.

The flow I’m following is:

  • Generate an access token and refresh token using the OAuth authorization code flow.
  • Use the access token for REST API calls.
  • When the access token expires, I use the refresh token to generate a new pair of access token and refresh token and update the old refresh token with the new refresh token as it got expired within 10 minutes.

However, I’ve noticed that sometimes the access token gets expired or becomes invalid within just 10 minutes, even though its exp field indicates a validity of 1 hour.
After that, any API calls start failing with 401 Unauthorized.

I wanted to understand:

  1. Does Jira Cloud intentionally expire or revoke access tokens earlier than their expected lifetime?
  2. Can this happen if a new refresh token is generated somewhere else (causing the previous access token to become invalid)?
  3. Is there any specific recommendation to handle this scenario gracefully in automation workflows?

Would appreciate any insights or confirmation from others who’ve faced similar behavior.

Thanks,
Gopal G

1 answer

0 votes
Sunny Ape
November 4, 2025

Hello @gopal guna 

Does Jira Cloud intentionally expire or revoke access tokens earlier than their expected lifetime?

Nope.

Can this happen if a new refresh token is generated somewhere else (causing the previous access token to become invalid)?

Yep

Is there any specific recommendation to handle this scenario gracefully in automation workflows?

Don't refresh the same OAuth token in multiple or concurrent workflows.

gopal guna November 5, 2025

Hi @Sunny Ape, thanks for the clarification!

Just to confirm my understanding: when we use a refresh token to generate a new pair of access and refresh tokens, Jira Cloud immediately invalidates the old refresh token (which makes sense).

But does this also mean that all access tokens issued using that old refresh token are revoked instantly as well?

In other words, if multiple workers are still using the access token that was originally generated with that refresh token, will those ongoing API calls start failing with 401 Unauthorized right after a refresh occurs?

I’m trying to confirm whether this is the expected OAuth 2.0 (rotating refresh token) behavior in Jira Cloud, so that I can adjust my automation logic accordingly.

Thanks again for your help and clarification!


Gopal G

Sunny Ape
November 5, 2025

I have provided the answer in the other thread where you duplicated that question.
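
One way to follow the recommendation in the answer above (never refresh the same OAuth token from several workflows at once), as an added example that is not part of the original thread or any Atlassian code. `FakeAuthServer` is a constructed stand-in for a token endpoint with rotating refresh tokens; `TokenManager`, `renew` and the `at-`/`rt-` token strings are hypothetical names.

```python
import threading

class FakeAuthServer:
    """Constructed stand-in for a token endpoint that rotates refresh tokens."""
    def __init__(self):
        self._lock = threading.Lock()
        self.valid_refresh, self._n = "rt-0", 0
        self.refresh_calls = self.rejected = 0

    def refresh(self, refresh_token):
        with self._lock:
            self.refresh_calls += 1
            if refresh_token != self.valid_refresh:
                self.rejected += 1          # an already-rotated token was reused
                raise PermissionError("invalid refresh token")
            self._n += 1
            self.valid_refresh = f"rt-{self._n}"
            return f"at-{self._n}", self.valid_refresh

class TokenManager:
    """Single owner of the token pair; workers never call the endpoint directly."""
    def __init__(self, server, access, refresh):
        self._server, self._access, self._refresh = server, access, refresh
        self._lock = threading.Lock()

    def current(self):
        with self._lock:
            return self._access

    def renew(self, failed_access):
        """Call after a 401, passing the access token that was rejected."""
        with self._lock:
            # Another worker already rotated the pair: reuse its result.
            if self._access != failed_access:
                return self._access
            self._access, self._refresh = self._server.refresh(self._refresh)
            return self._access

def run_workers(n=8):
    server = FakeAuthServer()
    mgr = TokenManager(server, "at-0", "rt-0")
    stale = mgr.current()
    results = []
    def worker():                           # every worker got a 401 on `stale`
        results.append(mgr.renew(stale))
    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads: t.start()
    for t in threads: t.join()
    return server, results
```

Across processes or hosts, the same check-then-refresh step needs a shared lock and a shared token store rather than `threading.Lock`.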
