Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is there any validity for the refresh token

jeyanthi
jeyanthi January 4, 2022

There is no expiry time provided for refresh token in this documentation (https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/#OAuthonBitbucketCloud-Refreshtokens).

Or will the refresh token stay without expiry ? 

 

Will this answer still holds true ? https://community.atlassian.com/t5/Answers-Developer-Questions/Does-the-oauth-2-refresh-token-expire/qaq-p/574230

Answer
Watch
Like Be the first to like this
1319 views

1 answer

1 accepted

1 vote
Answer accepted
Vishwas
Vishwas
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 4, 2022

Hey @jeyanthi 

Refresh tokens don't expire. I guess answer holds good as I found another thread which had the same link as mentioned used in the answer https://community.atlassian.com/t5/Bitbucket-questions/Does-the-refresh-token-obtained-through-the-OAuth-2-0-for-Apps/qaq-p/1417743

Regards,

Vishwas

View More Comments
jeyanthi
jeyanthi January 4, 2022

@Vishwas what is the point of using refresh token as its non-expired, can just access & secret token would be fine for authenticaiton ? any ideas on that ?

Like
Vishwas
Vishwas
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 4, 2022

Hey @jeyanthi 

For authentication yes access token and secret is used.

Refresh tokens are just credential artifact which allows client application to get a new access tokens without having to ask the user to log in again. 

Let me explain in detail about refresh token and working. 

A refresh token is a special token that is used to obtain additional access tokens. This allows you to have short-lived access tokens without having to collect credentials every time one expires. You request a refresh token alongside the access and/or ID tokens as part of a user's initial authentication and authorization flow. Applications must then securely store refresh tokens since they allow users to remain authenticated.

For clients such as native apps, persistent refresh tokens help improve a user's authentication experience. For example, persistent refresh tokens allow a user to access streaming video services on their smart TV without signing in after they complete the initial device authorization. 

Regards,

Vishwas

Like Arun VS likes this
jeyanthi
jeyanthi January 6, 2022

Thanks for the detailed answer @Vishwas 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events