- Type: Suggestion
- Resolution: Unresolved
- Component/s: Identity Internal - OAuth
Issue Summary
If a user has already authorized an OAuth 2.0 app for a site/product, and then authorizes the same app for another site/product, there's no available way to discern which is the latest site the user has authorized.
Although the user selects the site in the Authorization window, it's not possible to detect this from the app. As a result, the app cannot show context-aware content (related to the site) automatically, which breaks User Experience. (The user would expect the app to recognize which site they've just authorized and perform relevant actions [i.e. redirect to the proper site].)
It'd be great to have a way to detect this from the app. For example, https://api.atlassian.com/oauth/token/accessible-resources can also return a timestamp of when a site was authorized, like so:
[
  {
    "id": "<cloud_id>",
    "url": "https://site1.atlassian.net",
    "name": "<site1>",
    "whenAuthorized": <timestamp>,
    "scopes": [
      "read:jira-work",
      "read:jira-user"
    ],
    "avatarUrl": "<URL>"
  },
  {
    "id": "<cloud_id>",
    "url": "https://site2.atlassian.net",
    "name": "<site2>",
    "whenAuthorized": <timestamp>,
    "scopes": [
      "read:jira-work",
      "read:jira-user"
    ],
    "avatarUrl": "<URL>"
  }
]
Workaround
At the moment, from the app side, we can show a list of sites that the user has already authorized (based on the /oauth/token/accessible-resources output) and let them select the one they'd like to use.
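The workaround above, sketched as an added example (not code from this ticket or from Atlassian): build the site picker from the accessible-resources output and resolve the user's choice against that same list, so a submitted cloud id is never trusted on its own. The sample data, the function names and the before/after comparison in `newlyListedSites` are assumptions; that comparison is a client-side heuristic, not an API feature.

```javascript
// Constructed sample data; field names follow the response shown in this ticket.
const SAMPLE_RESOURCES = [
  { id: "cloud-id-1", url: "https://site1.atlassian.net", name: "site1",
    scopes: ["read:jira-work", "read:jira-user"] },
  { id: "cloud-id-2", url: "https://site2.atlassian.net", name: "site2",
    scopes: ["read:jira-work"] },
];

// Fetch the sites the access token can reach (endpoint named in the ticket).
async function fetchAccessibleResources(accessToken) {
  const res = await fetch("https://api.atlassian.com/oauth/token/accessible-resources", {
    headers: { Authorization: `Bearer ${accessToken}`, Accept: "application/json" },
  });
  if (!res.ok) throw new Error(`accessible-resources failed: ${res.status}`);
  return res.json();
}

// Picker entries: only sites whose grant covers every scope the app needs.
function buildSiteChoices(resources, requiredScopes) {
  return resources
    .filter((r) => requiredScopes.every((s) => (r.scopes || []).includes(s)))
    .map((r) => ({ id: r.id, label: `${r.name} (${r.url})` }));
}

// Resolve the user's pick against the token's own list; reject anything else.
function resolveSelection(resources, requiredScopes, selectedId) {
  const allowed = buildSiteChoices(resources, requiredScopes).map((c) => c.id);
  if (typeof selectedId !== "string" || !allowed.includes(selectedId)) {
    throw new Error("selected site is not authorized for this token");
  }
  return resources.find((r) => r.id === selectedId);
}

// Heuristic (assumption): ids listed now but absent from the ids the app stored
// before the consent redirect. Re-authorizing an already-listed site returns [].
function newlyListedSites(previousIds, resources) {
  const seen = new Set(previousIds);
  return resources.filter((r) => !seen.has(r.id));
}
```

When `newlyListedSites` returns exactly one entry the app can pre-select it; in every other case it falls back to the picker.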