Auto Generate Refresh Token for JIRA for Authorization Code Flow
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
We are using ServiceNow to JIRA integration which has OAuth authentication mechanism(Authorization Code Flow), we recently ran into the issue where our refresh token got expired and we were not able to access the JIRA project.
I need to know
1. Do we need to manually re-create a refresh token every 90 days ; or is there a way to auto fresh the token or refresh_token gets auto refreshed after 90 days with no manual intervention
2. Updates flow into JIRA from Servicenow with which ID? Is it the ID which we use for generating the refresh token \?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hi @GargiO !!
1. Refresh token expiry
You do not need to manually recreate the refresh token every 90 days if the integration is actively used.
Jira uses rotating refresh tokens:
Each time ServiceNow refreshes the access token, Jira issues a new refresh token
ServiceNow must store the latest refresh token
If the refresh token is not used for 90 days, it expires and you must re-authorize manually
So expiry usually happens when the integration is idle or the rotated refresh token is not saved.
2. Which ID is used to update Jira
Updates from ServiceNow to Jira run under:
The Jira OAuth app
And the Jira user who authorized the OAuth consent
The refresh token is tied to that authorizing Jira user, not to a Jira project.
That user must remain active and have access to the project.
Mark it helpful if this helps you to understand. Accept solution if this give you the answer you're looking for.
Thank You
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hi @GargiO ,
Refresh token behavior (OAuth 2.0 – Authorization Code Flow)
You do NOT need to manually recreate the refresh token every 90 days, as long as it is actively used.
In Atlassian (Jira) OAuth:
Refresh tokens are rotated.
Each time ServiceNow uses a refresh token, Jira issues:
a new access token
a new refresh token
The new refresh token must be stored and used next time.
If the refresh token is not used for ~90 days, it expires, and manual re-authorization is required.
Best practice
Ensure your ServiceNow OAuth profile is configured to persist the newly returned refresh token after each refresh call. If this is working correctly, no manual intervention is needed.
Which Jira user performs the updates?
All updates from ServiceNow to Jira are performed as the Jira user who authorized the OAuth connection.
This is the same Jira account used to generate the authorization code / refresh token.
Jira audit logs and issue history will show changes made by that integration user, not the ServiceNow instance or individual ServiceNow users.
Best practice
Use a dedicated Jira “integration user” (not a personal account) to:
avoid token expiry due to inactivity
maintain clean audit trails
prevent access loss if a user leaves the organization
Summary:
No need to recreate refresh tokens every 90 days if token rotation is handled correctly
Refresh tokens auto-rotate when used
Token expires only if unused for ~90 days
Jira updates run under the OAuth-authorized Jira user
This aligns with Atlassian OAuth 2.0 (Authorization Code Flow) standards and common ServiceNow–Jira integration behavior.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Ok I see; ServiceNow Jira OAuth (Authorization Code flow).
1. Refresh token expiry
Note: You normally don’t need to manually recreate the refresh token every 90 days. ServiceNow automatically refreshes the access token and also stores the new refresh token that Jira returns (Jira uses rotating refresh tokens).
If you ran into an expired refresh token, it usually means one of these happened from experiance:
The integration wasn’t used for a long time
The refresh token rotation didn’t get saved properly
The Jira account used for auth was disabled or its permissions changed
In those cases Ive seen a one-time reauthorization is required but its not something you should have to do regularly.
2. Which user updates Jira
All updates from ServiceNow to Jira are done as the Jira user that authorized the OAuth connection.
So yes; it’s the same user that was used to generate the authorization code / refresh token.
Best practice is to use a dedicated Jira service account not a personal user so tokens don’t break when someone leaves or changes roles.
In short
Automatic token refresh is expected in ServiceNow
Manual reauthorization should only be occasional
Jira updates run under the OAuth-authorizing Jira user
Hope this helps clarify what youre seeing.
@GargiO - Please mark as Accepted Solution and Thumbs Up if you fins Helpful!!
