Jira returns 401 Unauthorized after a few days

Jira returns 401 Unauthorized after a few days

Hey everyone,

I am facing an issue with Retool and Jira.

  • I have successfully authenticated to Jira using OAuth2 [image1]
  • After authenticated, I can run the workflow and create Jira tickets with no issue [image2]
  • After a few days, when rerunning the workflow, I see the error 401 Unauthenticated when trying to create the Jira ticket [image3]

What could be going wrong? Did I configure something wrong, or is this a bug with the token management from the Retool side?

Thank you

Image 1

Image 2

Image 3

Any help?

I wonder if this would be considered "custom auth"... workflows don't support custom auth yet.

It doesn't look a custom auth as I'm using a component supported by Retool.

You may be correct. I was just thinking since jira oauth most likely requires some sort of refresh that this may be the issue.

I agree! It looks like something related to the refresh token since it works for a few days before failing again.

My 2 cents:

Nice reference @ScottR

Does anyone know how I can tag someone from the Retool team to check if they have implemented the Jira component according to this documentation?

Hey Rodrigo! We definitely have users with working Jira resources.

For your specific issue, it'll depend on how Jira’s specific access token refresh flow. i.e whether they respond to the request to refresh the token (expected) as a response or if they have a non standard flow to set the token.

I would expect that the refresh flow does not need to be accounted for (i.e should work without whitelisting) but I’d definitely test it to confirm.

Though this approach will probably cause frustration later on when issues arrive, and you’ll have to re-whitelist those IPs whenever you need to re-authenticate e.g to grant new scopes, or when JIRA api runs into issues.

Are you On Prem or Cloud?

Hi @victoria
We are using the cloud.

Is there anything I should now to help troubleshoot this issue? I just added the Jira resource, clicked "Connect with OAuth" and gave the necessary permissions.

Hi @victoria , we are experiencing the same problems. The JIRA API is connected to our cloud instance and works perfectly fine, but after a few days we get an authorization error and have to reconnect again. We are using the domain format (api.atlassian...) for connecting just as Rodrigo, so it seems to be the same thing.

Really interesting. I am not the only one facing this issue so that it might be a problem with the Jira component.

Hi @Barbara_Theiss
Have you got any answer?

@Rodrigo_Zembrzuski no, unfortunately not. The Connection worked some weeks without problems but at the moment it crashes every few days.

Hey @victoria
Any update on this issue? Any idea on how to overcome this issue?

Hi Rodrigo and Barbara! Thank you both for surfacing this, happy to look into it with you. Would you mind sharing a screenshot of the errors you're getting? And do you see any errors in your browser console?

Hi @victoria
Following there are some screenshots:

  1. Execution logs:

  2. Console

Hey @victoria

I've just noticed something that might help troubleshoot this issue:

  1. When my pipeline is triggered automatically by the scheduler, the Jira component fails.
  2. When I manually trigger the pipeline by clicking the "Run" button, the Jira component succeeds.

Any update on this issue?

Hey Rodgrido! Just spoke with the Workflows team and they confirmed that this is auth related. OAuth is tied to the user, and we currently don't support user-based auth.

We shouldn't be showing user-based auth resources as available to use in Workflows, so we're working on that now!

We do support custom auth only where there is an API request with a time based trigger. The recommendation in this particular case is to not use OAuth, and instead, to use a different authentication scheme if possible...maybe a secret API key w/ scope?