Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Is there any validity for the refresh token

Edited

There is no expiry time provided for refresh token in this documentation (https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/#OAuthonBitbucketCloud-Refreshtokens).

Or will the refresh token stay without expiry ? 

 

Will this answer still holds true ? https://community.atlassian.com/t5/Answers-Developer-Questions/Does-the-oauth-2-refresh-token-expire/qaq-p/574230

1 answer

1 accepted

0 votes
Answer accepted

Hey @jeyanthi 

Refresh tokens don't expire. I guess answer holds good as I found another thread which had the same link as mentioned used in the answer https://community.atlassian.com/t5/Bitbucket-questions/Does-the-refresh-token-obtained-through-the-OAuth-2-0-for-Apps/qaq-p/1417743

Regards,

Vishwas

@Vishwas N M what is the point of using refresh token as its non-expired, can just access & secret token would be fine for authenticaiton ? any ideas on that ?

Hey @jeyanthi 

For authentication yes access token and secret is used.

Refresh tokens are just credential artifact which allows client application to get a new access tokens without having to ask the user to log in again. 

Let me explain in detail about refresh token and working. 

A refresh token is a special token that is used to obtain additional access tokens. This allows you to have short-lived access tokens without having to collect credentials every time one expires. You request a refresh token alongside the access and/or ID tokens as part of a user's initial authentication and authorization flow. Applications must then securely store refresh tokens since they allow users to remain authenticated.

For clients such as native apps, persistent refresh tokens help improve a user's authentication experience. For example, persistent refresh tokens allow a user to access streaming video services on their smart TV without signing in after they complete the initial device authorization. 

Regards,

Vishwas

Thanks for the detailed answer @Vishwas N M 

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

⭐ Calling all Bitbucket and DevOps experts: Special showcase opportunity ⭐

Hi, Bitbucket community! Are you a DevOps practitioner (or know one in your network)? Do you have DevOps tips, tricks, or learnings you'd like to share with the community? If so, we'd love to hea...

1,440 views 4 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you