Cannot re-authenticate OAuth2 App Link after it is revoked in the other app

XMLWordPrintable

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • None
    • Affects Version/s: 10.2.10, 10.2.11
    • Component/s: Platform - Application Links
    • None
    • 1
    • Severity 3 - Minor
    • 1

      Issue Summary

      Revoking the oAuth2 app link token from Jira causes the Confluence App Link data requests to fail for that respective user.

      Steps to Reproduce

      1. Setup Confluence on HTTPS
      2. Setup Jira 11.3.3 on HTTPS
      3. Create an Application link using oAuth2 between the two Atlassian Apps
      4. Create a page on Confluence that has a Jira Issue Macro
        • When the page loads, click on Authenticate with Jira
        • The Jira Issue Macro loads
      5. Now, navigate to Jira and click on Profile » Authorized Applications
        • Locate the oAuth2 token and click Revoke
      6. Back to Confluence, reload the page with the Jira Issue Macro

      Expected Results

      Confluence should ask to re-authenticate the App Link.

      Actual Results

      The Confluence page will fail to load the Jira Issue Macro and does not allow the user to re-authenticate against the oAuth2 App Link:

      The below exception is also thrown in the atlassian-confluence.log file:

      2026-05-14 08:29:46,904 ERROR [JIM Marshaller:thread-5] [storage.token.dao.SecuredClientTokenStore] lambda$deleteByTokenValue$10 Warning: token deletion by value is not supported as Secret Service is enabled.
 -- page: 1867781 | referer: https://mytest.confluence.com/c10210/pages/resumedraft.action?draftId=1867782&draftShareId=93b4d15e-

      7ef4-49f7-ab8b-e4129a52b19b& | traceId: 3967eb8ab9360b62 | userName: admin | action: viewpage | url: /c10210/spaces/PD/pages/1867781/Jira+Issue+Macro+Page
2026-05-14 08:29:46,904 ERROR [JIM Marshaller:thread-5] [extra.jira.columns.DefaultJiraIssuesColumnManager] getColumnsInfoFromJira Failed to fetch Jira fields: 
 -- page: 1867781 | referer: https://mytest.confluence.com/c10210/pages/resumedraft.action?draftId=1867782&draftShareId=93b4d15e-7ef4-49f7-ab8b-e4129a52b19b& | traceId: 3967eb8ab9360b62 | userName: admin | action: viewpage | url: /c10210/spaces/PD/pages/1867781/Jira+Issue+Macro+Page
java.lang.RuntimeException: com.atlassian.sal.api.net.ResponseStatusException: Unexpected response received. Status code: 401
	at com.atlassian.confluence.extra.jira.columns.DefaultJiraIssuesColumnManager$CustomFieldsCacheLoader.load(DefaultJiraIssuesColumnManager.java:181)
	at com.atlassian.confluence.extra.jira.columns.DefaultJiraIssuesColumnManager$CustomFieldsCacheLoader.load(DefaultJiraIssuesColumnManager.java:168)
	at com.github.benmanes.caffeine.cache.LocalCache.lambda$statsAware$0(LocalCache.java:167)
	at com.github.benmanes.caffeine.cache.BoundedLocalCache.lambda$doComputeIfAbsent$0(BoundedLocalCache.java:2707)
	at java.base/java.util.concurrent.ConcurrentHashMap.compute(ConcurrentHashMap.java:1916)
	at com.github.benmanes.caffeine.cache.BoundedLocalCache.doComputeIfAbsent(BoundedLocalCache.java:2705)
	at com.github.benmanes.caffeine.cache.BoundedLocalCache.computeIfAbsent(BoundedLocalCache.java:2686)
	at com.github.benmanes.caffeine.cache.LocalCache.computeIfAbsent(LocalCache.java:112)
	at com.github.benmanes.caffeine.cache.LocalManualCache.get(LocalManualCache.java:63)
	at com.atlassian.confluence.impl.cache.caffeine.CaffeineCacheLoadingImpl.get(CaffeineCacheLoadingImpl.java:31)
	at com.atlassian.cache.impl.metrics.InstrumentedCache.get(InstrumentedCache.java:65)
	at com.atlassian.cache.nutcluster.asyncinvalidation.AbstractDelegatingCache.get(AbstractDelegatingCache.java:58)
	at com.atlassian.cache.nutcluster.asyncinvalidation.AsyncInvalidationCache.get(AsyncInvalidationCache.java:9)
	at com.atlassian.confluence.extra.jira.columns.DefaultJiraIssuesColumnManager.getColumnsInfoFromJira(DefaultJiraIssuesColumnManager.java:159)
	at com.atlassian.confluence.extra.jira.JiraIssuesMacro.createContextMapFromParams(JiraIssuesMacro.java:359)
	at com.atlassian.confluence.extra.jira.JiraIssuesMacro.execute(JiraIssuesMacro.java:1178)
	at com.atlassian.confluence.extra.jira.executor.StreamableMacroFutureTask.renderValue(StreamableMacroFutureTask.java:74)
..
Caused by: com.atlassian.sal.api.net.ResponseStatusException: Unexpected response received. Status code: 401
	at com.atlassian.applinks.core.auth.ApplicationLinksStringReturningResponseHandler.handle(ApplicationLinksStringReturningResponseHandler.java:18)
	at com.atlassian.applinks.core.auth.ApplicationLinksStringReturningResponseHandler.handle(ApplicationLinksStringReturningResponseHandler.java:13)
	at com.atlassian.applinks.oauth.auth.oauth2.OAuth2ReturningResponseHandler.handle(OAuth2ReturningResponseHandler.java:39)
..
	at jdk.proxy4/jdk.proxy4.$Proxy3513.executeAndReturn(Unknown Source)
	at com.atlassian.plugins.rest.v2.sal.MarshallingRequest.executeAndReturn(MarshallingRequest.java:133)
	at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor.executeAndReturn(ApplicationLinkRequestAdaptor.java:52)
	at com.atlassian.applinks.oauth.auth.oauth2.OAuth2Request.executeAndReturn(OAuth2Request.java:75)
	at com.atlassian.applinks.core.auth.AbstractApplicationLinkRequest.execute(AbstractApplicationLinkRequest.java:115)
	at com.atlassian.applinks.core.auth.ApplicationLinkAnalyticsRequest.execute(ApplicationLinkAnalyticsRequest.java:174)
	at com.atlassian.confluence.extra.jira.columns.DefaultJiraIssuesColumnManager$CustomFieldsCacheLoader.load(DefaultJiraIssuesColumnManager.java:177)
	... 51 more

      Workaround

      Manually delete out the corresponding oAuth2 Client token on Confluence side.

      1. Backup the Confluence database
      2. Locate the oAuth2 token in the Confluence database 
        select * FROM "AO_723324_CLIENT_TOKEN" where "EXTERNAL_ID" = '<USERNAME>';
        Sample output
        ACCESS_TOKEN  ACCESS_TOKEN_EXPIRATION CONFIG_ID                            EXTERNAL_ID ID                                   LAST_REFRESHED LAST_STATUS_UPDATED REFRESH_COUNT REFRESH_TOKEN REFRESH_TOKEN_EXPIRATION STATUS  
------------- ----------------------- ------------------------------------ ----------- ------------------------------------ -------------- ------------------- ------------- ------------- ------------------------ ------- 
{ATL_SECURED} 1778566075743           e66fa593-24b1-4d44-b77b-d0b90c1a7434 person2     8b6cb341-e80a-4ea0-953f-43075d1582aa (null)         1778562475764       0             {ATL_SECURED} 1781154475743            UNKNOWN
      3. Delete the relevant row, e.g. 
        delete from "AO_723324_CLIENT_TOKEN" where "EXTERNAL_ID" = '<USERNAME>';
        • This can be done whilst Confluence is running
      4. Navigate to Confluence Administration » General Configuration » Cache Management
        • Click Flush All
      5. Reloading the Confluence Jira Issue Macro page will now show a link for re-authenticating the App Link

        1. ConfluenceBrokenAppLinkRequest.png
          ConfluenceBrokenAppLinkRequest.png
          252 kB

              Assignee:
              Unassigned
              Reporter:
              Eric L
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: