Changes to REST API Response for OAuth Bearer Token Generation

Published Date: July 7, 2024
Validated: Yes
Audience: Everyone
Products and Versions Covered:
• Jama Connect® REST API
• Cloud/CVC
• Self-hosted

Summary

Jama has deployed an updated OAuth 3.0.x service for Jama Connect® REST API authentication. As part of this update, unused code related to refresh tokens and the authorization code flow was removed.

This update changes the response returned when generating OAuth bearer tokens. The following fields are no longer included in bearer token responses:

• scope
• application_data
• tenant
• jti

In addition, the token_type value now returns as Bearer instead of bearer.

These changes affect only the structure of the bearer token response payload and do not impact token generation or authentication behavior.

Resolution

If your integrations, scripts, or applications consume the OAuth bearer token response, update them to align with the revised response structure:

• Remove dependencies on the deprecated response fields:
  • scope
  • application_data
  • tenant
  • jti
• Update any validation logic that checks the token_type field to expect:
  • Bearer
• Test all API authentication workflows to confirm compatibility with the updated response format.
• If your implementation parses the full token response object, ensure it gracefully ignores removed fields to prevent future compatibility issues.

Response Changes

OAuth Service Rewriting - Token differences (before update)

OAuth Service Rewriting - Token differences (after update)

Additional Resources 

• REST API
• Success Programs
• Success Catalog
• Datasheets
• Request a Solution Offering or Training from the Success Catalog

Feedback:
We welcome your input! Please sign in to leave any comments, suggestions, or ideas for improvement below.