-
Type:
Suggestion
-
Resolution: Unresolved
-
Component/s: Directory - Service Accounts
-
None
-
6
Currently, OAuth 2.0 client secrets used for Atlassian service accounts do not have an expiration date and remain valid unless manually revoked.
The customer would like to have an expiry date for these OAuth credentials as Atlassian recently introduced a maximum one-year validity for API tokens, which helps enforce better security hygiene.
The customer request that Atlassian introduce a configurable expiry mechanism for OAuth 2.0 client secrets similar to API tokens, allowing organization admins to set expiration dates or enforce automatic rotation policies.