Why does my refresh token become invalid after using another refresh token in the same OAuth app?

gopal guna July 3, 2025

Hi Team,

I'm currently using Jira OAuth 2.0 Authorization Code Flow and I'm trying to understand how rotating refresh tokens work when the same app is authorized multiple times.

Here is what I did:

  1. I authorized the same OAuth 2.0 app twice, which gave me:

    • refresh_token_1 (from the first authorization)

    • refresh_token_2 (from the second authorization)

  2. I used refresh_token_1 to get a new access token and refresh token:

    • I received AccessToken_A and refresh_token_3

    • So now refresh_token_3 should be used for future refreshes

  3. After some time (more than 10 minutes), I used refresh_token_2 (from the second authorization) to get new tokens:

    • I received AccessToken_B and refresh_token_4 successfully

Now when I try to use refresh_token_3 (which was generated from refresh_token_1), I get the following error:

{
"error": "unauthorized_client",
"error_description": "refresh_token is invalid"
}

I expected refresh_token_3 to still be valid because it was freshly generated and hadn't been used to generate an access token.

My questions are:

  • Why did refresh_token_3 become invalid?

  • Does using a different refresh token from the same client (like refresh_token_2) revoke the previous refresh token chain?

  • Is it true that only one refresh token at a time is valid per OAuth client (app) per user session?

 

Any official guidance or clarification would be very helpful. Thank you!
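Client-side handling of the rotation and of the error body quoted in the post, as an added example that is not part of the original post or Atlassian's code: it keeps one current refresh token per authorization grant, replaces it on every successful refresh, and stops retrying once the token endpoint rejects it. The `post_token_request` transport, the fake endpoint, the HTTP 403 status and the credentials are assumptions made for the illustration.

```python
import json

DEAD_TOKEN_ERRORS = {"unauthorized_client", "invalid_grant"}  # code from the post; RFC 6749 code

class ReauthorizationRequired(Exception):
    """The stored refresh token was rejected; the user must authorize again."""

class RotatingTokenStore:
    """Keeps the one current refresh token of a single authorization grant."""
    def __init__(self, refresh_token, post_token_request):
        self.refresh_token, self.access_token = refresh_token, None
        # Hypothetical injected transport: payload dict -> (http_status, JSON body text)
        self._post = post_token_request

    def refresh(self, client_id, client_secret):
        if self.refresh_token is None:
            raise ReauthorizationRequired("no usable refresh token stored")
        status, body = self._post({
            "grant_type": "refresh_token", "client_id": client_id,
            "client_secret": client_secret, "refresh_token": self.refresh_token})
        data = json.loads(body)
        if data.get("error") in DEAD_TOKEN_ERRORS:
            # Never retry a rejected token: forget it and surface the reason.
            self.refresh_token = self.access_token = None
            raise ReauthorizationRequired(f"{data['error']}: {data.get('error_description')}")
        if status != 200:
            raise RuntimeError(f"token endpoint returned HTTP {status}")  # token kept for retry
        # Rotation: the returned refresh token replaces the one just spent.
        self.access_token, self.refresh_token = data["access_token"], data["refresh_token"]
        return self.access_token

def make_fake_endpoint():
    """Constructed stand-in that replays the responses reported in the post."""
    sent = []
    def post(payload):
        sent.append(payload["refresh_token"])
        if payload["refresh_token"] == "refresh_token_1":
            return 200, json.dumps({"access_token": "AccessToken_A", "refresh_token": "refresh_token_3"})
        # HTTP status is an assumption; the post shows only the JSON body.
        return 403, json.dumps({"error": "unauthorized_client", "error_description": "refresh_token is invalid"})
    return post, sent

def demo():
    post, sent = make_fake_endpoint()
    store = RotatingTokenStore("refresh_token_1", post)
    first, outcome = store.refresh("id", "secret"), "refreshed"  # placeholder credentials
    try:
        store.refresh("id", "secret")
    except ReauthorizationRequired as exc:
        outcome = str(exc)
    return first, outcome, store.refresh_token, sent
```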

1 answer

0 votes
Marc - Devoteam
July 3, 2025

Hi @gopal guna 

I suggest raising this question on the Developer Community.
