OAuth error oauth_problem=token_rejected
Platform Notice: Cloud and Data Center - This article applies equally to both cloud and data center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Problem
When accessing content provided by the other application via an application link, you are prompted to authenticate, even though you have already authenticated in the past.
The following appears in the application log:
1
oauth_problem=token_rejected
Diagnosis
Environment
Two applications are connected together using Application Links
The authentication method used is OAuth
One of the application is using OAuth 2LO with "Execute As" via Incoming authentication.
Cause
The user has established an OAuth authentication token before, however on the remote the token is missing. This can be because of:
The user has manually revoked the OAuth token at the other end
The Application Link OAuth configuration was changed at the other end, triggering all OAuth tokens to be removed
After this warning appears once, the token will be discarded and the user will be prompted to re-authenticate, so besides the inconvenience, this should not cause any further problems.
If you use 2-Legged OAuth (2LO) with an "Execute As" user, you are encountering the bug - APL-1310 - Using OAuth "Execute as" will still ask for authentication
If you use 2-Legged OAuth (2LO) with an Impersonation, you shouldn't get the warning message.
Solution
Resolution
Re-authenticate to get a new token. This should happen the next time an application requires user authorization.
Was this helpful?