Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to store & use access token & refresh token in oAuth 2.0 for persisting the logged in state

I am able to generate an access token & refresh token for every user who allows access to their Jira account and then call the Jira apis using the access token. I'd like to persist the logged in state for every user indefinitely and for that I am using the refresh token. Following is the flow of the process:

  1. User allows access to his Jira acc.
  2. Jira provides auth code which can be used to fetch access token and refresh token
  3. This access token can be used to call apis from jira.

My question is: Since I want to keep the users state logged in indefinitely, where can I store the tokens and what would be the flow?

My current solution is to store the refresh token in the db as a key value pair where key is the user info (user id) & value is refresh token. Then I can generate new access token if it is either null or expired(Access token will be null when the user logs out of my application and logs back in). Also, I'd have to update the access token in the localStorage everytime it is expired or the first time when it is null so that can be achieved by sending new access token generated in api response. Is this flow correct? I'd like to know the standard process.

0 answers

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you