how to access auth token in forge app resolver?

ankit jangid
July 23, 2025

I have carefully reviewed the Forge documentation and understand that user/app authentication tokens are accessible within Forge remote backends. However, I am seeking to access an authentication token directly within a resolver, thereby eliminating the need for an external backend solely for token retrieval. While I am aware that asApp() and asUser() suffice for making calls to product APIs without explicit authentication tokens, my objective is to obtain a bearer authentication token to call other Atlassian APIs. Is there a method to access such a bearer authentication token within a Forge app?

2 answers

0 votes
Tim Pettersen
Atlassian Team
July 23, 2025

@Lucas Modzelewski _Lumo_ is correct — you can't extract the token used by `asApp()` or `asUser()`.

@ankit jangid may I ask which other Atlassian APIs you're attempting to call?

If the API does not support OAuth scopes, you can instead:

- generate a personal access token and set it as a Forge environment variable (use the `--encrypt` flag given it's a credential)

- override the `Authorization` header on the request to use the access token

However, this will mean the app will authenticate with the API as the user you generated the access token for.

Please also note that this is also only suitable for apps that you're deploying for use in your own organisation. Our Security Requirements prohibit Marketplace Apps from soliciting API tokens from users. 

Hope this helps!

Tim
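
The two steps in the answer above, sketched as an added example; it is not part of the original answer and not Atlassian's code. The variable name `ATLASSIAN_API_TOKEN`, the `ALLOWED_HOSTS` allowlist, the function names and the `Bearer` scheme are assumptions. The token only goes to an allowlisted HTTPS host and is never returned to the frontend or written into error text.

```javascript
// Added example: ATLASSIAN_API_TOKEN, ALLOWED_HOSTS and callOtherApi are hypothetical names.
// The token is stored beforehand with:
//   forge variables set --encrypt ATLASSIAN_API_TOKEN <value>
const ALLOWED_HOSTS = new Set(['api.atlassian.com']); // assumption: only host allowed to receive the token

// Build the request; fail closed when the variable is missing or the host is not allowlisted.
function buildAuthorizedRequest(env, targetUrl) {
  const token = env.ATLASSIAN_API_TOKEN;
  if (!token) throw new Error('ATLASSIAN_API_TOKEN is not set for this environment');
  const url = new URL(targetUrl); // throws on malformed input
  if (url.protocol !== 'https:' || !ALLOWED_HOSTS.has(url.hostname)) {
    throw new Error(`refusing to send credential to ${url.origin}`);
  }
  return {
    url: url.toString(),
    options: {
      method: 'GET',
      // Assumption: the target API accepts a Bearer scheme; use the scheme it documents.
      headers: { Authorization: `Bearer ${token}`, Accept: 'application/json' },
    },
  };
}

// Strip the token from any text before it is logged or returned to the frontend.
function redact(text, token) {
  return token ? String(text).split(token).join('[REDACTED]') : String(text);
}

// Resolver body. In a Forge app, pass `fetch` from '@forge/api' and `process.env`.
async function callOtherApi(fetchImpl, env, targetUrl) {
  const { url, options } = buildAuthorizedRequest(env, targetUrl);
  try {
    const res = await fetchImpl(url, options);
    if (!res.ok) return { ok: false, status: res.status };
    return { ok: true, data: await res.json() }; // only the API payload leaves the resolver
  } catch (err) {
    return { ok: false, error: redact(err.message, env.ATLASSIAN_API_TOKEN) };
  }
}
```

Keep `targetUrl` fixed in resolver code or validated as shown, rather than taken unchecked from the frontend payload.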

0 votes
Lucas Modzelewski _Lumo_
Atlassian Partner
July 23, 2025

You can’t directly access the user’s OAuth/JWT/bearer token in Forge resolvers (for security reasons) - that’s by design in the Forge platform.

The actual token is never exposed to your app code or frontend, so it can't be leaked or misused.

DEPLOYMENT TYPE
CLOUD