You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
I am currently implementing a generic Confluence Application Link with OAuth2 as described here.
In general my Groovy script that should consume the Rest API of Confluence has access via OAuth2 access token and is able to get a new access token with a refresh token.
But right now I don´t know how to verify if the current access token is still valid or should be refreshed when running the script.
I wonder if there is a OAuth2 Rest Api method for Atlassian products like mentioned here, to do such a verification. Unfortunately I did not find any hint in the Atlassian docs about this. I hope that this can be done on-the-fly and not in a way like storing the "expires_in" attribute during the generation of the access token and perform the validation against this stored attribute.
Thanks in advance & best regards,
in my opinion you need to invoke one of the rest api provided (as a test) using your access token and based on the response your script can figure out if the token is still valid or if a new token need to be generated again.
I already headed in that direction and found that checking the response for something like "access denied" might not be reliable/specific enough.
In my specific situation I ended up in an infinite loop because I just fetched the exception from the Rest API Client and then triggered the refresh. But as the exception was thrown because of another reason the refresh did not succeed and so it repeated again and again ... No I stand at the point of decision: response check vs. specific token verification. And I´d still prefer the specific verification if possible.
I actually thought that explicitly checking/verifying the status of an access token would be pretty obvious and I wonder why this is not possible with Atlassian´s Rest API - whereas it seem to be available with other Rest API Solutions like Google, Microsoft, etc.
What do you think?
Best Regards, Christian