Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,363,997
Community Members
 
Community Events
168
Community Groups

Is there any validity for the refresh token

Edited

There is no expiry time provided for refresh token in this documentation (https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/#OAuthonBitbucketCloud-Refreshtokens).

Or will the refresh token stay without expiry ? 

 

Will this answer still holds true ? https://community.atlassian.com/t5/Answers-Developer-Questions/Does-the-oauth-2-refresh-token-expire/qaq-p/574230

1 answer

1 accepted

1 vote
Answer accepted
Vishwas Community Leader Jan 04, 2022

Hey @jeyanthi 

Refresh tokens don't expire. I guess answer holds good as I found another thread which had the same link as mentioned used in the answer https://community.atlassian.com/t5/Bitbucket-questions/Does-the-refresh-token-obtained-through-the-OAuth-2-0-for-Apps/qaq-p/1417743

Regards,

Vishwas

@Vishwas what is the point of using refresh token as its non-expired, can just access & secret token would be fine for authenticaiton ? any ideas on that ?

Vishwas Community Leader Jan 04, 2022

Hey @jeyanthi 

For authentication yes access token and secret is used.

Refresh tokens are just credential artifact which allows client application to get a new access tokens without having to ask the user to log in again. 

Let me explain in detail about refresh token and working. 

A refresh token is a special token that is used to obtain additional access tokens. This allows you to have short-lived access tokens without having to collect credentials every time one expires. You request a refresh token alongside the access and/or ID tokens as part of a user's initial authentication and authorization flow. Applications must then securely store refresh tokens since they allow users to remain authenticated.

For clients such as native apps, persistent refresh tokens help improve a user's authentication experience. For example, persistent refresh tokens allow a user to access streaming video services on their smart TV without signing in after they complete the initial device authorization. 

Regards,

Vishwas

Like Arun VS likes this

Thanks for the detailed answer @Vishwas 

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events