Hi,
I am currently implementing a generic Confluence Application Link with OAuth2 as described here.
In general my Groovy script that should consume the Rest API of Confluence has access via OAuth2 access token and is able to get a new access token with a refresh token.
But right now I don´t know how to verify if the current access token is still valid or should be refreshed when running the script.
I wonder if there is a OAuth2 Rest Api method for Atlassian products like mentioned here, to do such a verification. Unfortunately I did not find any hint in the Atlassian docs about this. I hope that this can be done on-the-fly and not in a way like storing the "expires_in" attribute during the generation of the access token and perform the validation against this stored attribute.
Thanks in advance & best regards,
Christian
in my opinion you need to invoke one of the rest api provided (as a test) using your access token and based on the response your script can figure out if the token is still valid or if a new token need to be generated again.
Fabio
Hi Fabio,
I already headed in that direction and found that checking the response for something like "access denied" might not be reliable/specific enough.
In my specific situation I ended up in an infinite loop because I just fetched the exception from the Rest API Client and then triggered the refresh. But as the exception was thrown because of another reason the refresh did not succeed and so it repeated again and again ... No I stand at the point of decision: response check vs. specific token verification. And I´d still prefer the specific verification if possible.
I actually thought that explicitly checking/verifying the status of an access token would be pretty obvious and I wonder why this is not possible with Atlassian´s Rest API - whereas it seem to be available with other Rest API Solutions like Google, Microsoft, etc.
What do you think?
Best Regards, Christian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.