Confluence OAuth refresh token invalid_grant — What it means & how to fix it
Blog post from Nango
Confluence integrations often break because of problems in the OAuth token lifecycle, which disrupt syncs and leave users with a "disconnected Confluence" state. These issues typically arise from Atlassian's rotating refresh tokens: each successful token refresh invalidates the previous refresh token, so any request that reuses the old token fails.

Common causes include concurrency problems, inactivity expiry, user revocation of app access, password changes, and incorrect client credentials. Solutions involve persisting the new refresh token after each refresh, ensuring single-flight refreshes to avoid concurrency issues, verifying OAuth endpoints, and planning for inactivity expiry. If all else fails, re-authorizing the connection is necessary.

To prevent these issues, developers should store replacement tokens, lock refresh per connection, plan for inactivity, and provide a smooth reconnection process. Nango, an open-source API auth tool, offers features like automatic token refreshing, webhooks for revoked tokens, and error handling to streamline managing the token lifecycle for Confluence API integrations.
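The single-flight refresh and persist-the-replacement-token fixes described above, as an added Python example that is not code from the Nango post. `FakeTokenEndpoint`, `Connection` and `run_workers` are hypothetical names, and the token endpoint is a constructed in-memory stand-in for a server that rotates refresh tokens, not Atlassian's real API.

```python
import secrets
import threading
import time

class FakeTokenEndpoint:
    """Constructed stand-in for an authorization server that rotates refresh tokens."""
    def __init__(self, initial_refresh_token):
        self._valid = initial_refresh_token
        self._lock = threading.Lock()
        self.calls = 0
    def refresh(self, refresh_token):
        with self._lock:
            self.calls += 1
            if refresh_token != self._valid:      # old token reused after rotation
                raise PermissionError("invalid_grant")
            self._valid = secrets.token_hex(16)   # rotation: the previous token is now dead
            return {"access_token": secrets.token_hex(16),
                    "refresh_token": self._valid, "expires_in": 3600}

class Connection:
    """One user's connection: its stored tokens plus one lock (hypothetical design)."""
    def __init__(self, endpoint, refresh_token):
        self.endpoint = endpoint
        self.store = {"refresh_token": refresh_token, "access_token": None, "expires_at": 0.0}
        self.needs_reauth = False
        self._lock = threading.Lock()             # per connection, not global
    def access_token(self):
        with self._lock:                          # single-flight: one refresh at a time
            if self.needs_reauth:
                raise PermissionError("re-authorization required")
            if self.store["access_token"] and time.time() < self.store["expires_at"] - 60:
                return self.store["access_token"] # an earlier caller already refreshed
            try:
                resp = self.endpoint.refresh(self.store["refresh_token"])
            except PermissionError:
                self.needs_reauth = True          # stop retrying; ask the user to reconnect
                raise
            # Persist the replacement refresh token before the lock is released.
            self.store.update(refresh_token=resp["refresh_token"], access_token=resp["access_token"],
                              expires_at=time.time() + resp["expires_in"])
            return self.store["access_token"]

def run_workers(conn, n=8):
    """Call access_token() from n threads; return the distinct tokens they received."""
    seen = []
    threads = [threading.Thread(target=lambda: seen.append(conn.access_token())) for _ in range(n)]
    for t in threads: t.start()
    for t in threads: t.join()
    return set(seen)
```

In a multi-process deployment the in-memory lock and `store` dict would be replaced by a shared lock and a database row, an assumption this single-process sketch does not cover.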