OAuth 2.0 provider system properties

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

When configuring Jira as an OAuth 2.0 provider (incoming link), you can use these system properties.

atlassian.oauth2.provider.enable.access.tokens
Defaulttrue
DescriptionDisables the ability to authenticate using access tokens for that node.
atlassian.oauth2.provider.skip.base.url.https.requirement
Defaultfalse
DescriptionDisables the HTTPS requirement for the base URL. If this is disabled, the OAuth 2.0 provider will be enabled even if the product is using HTTP.
atlassian.oauth2.provider.skip.redirect.url.https.requirement
Defaultfalse
DescriptionDisables the HTTPS requirement for the Redirect URL. If this is disabled, the OAuth 2.0 provider will allow Redirect URLs using HTTP.
atlassian.oauth2.provider.max.lock.timeout.seconds
Default10
DescriptionNumber of seconds a request will await lock access before timing out.
atlassian.oauth2.provider.max.client.delay.seconds
Default10
DescriptionMax lifetime of authorization codes (seconds). The limit is 600 seconds.
atlassian.oauth2.provider.prune.expired.authorizations.schedule
Default* * * * * ?
DescriptionCron expression for a job that removes expired authorization codes. Default is 1 minute.
atlassian.oauth2.provider.access.token.expiration.seconds
Default3600 (1 hour)
DescriptionMax lifetime of access tokens (seconds).
atlassian.oauth2.provider.prune.expired.tokens.schedule
Default* * * * * ?
DescriptionCron expression for a job that removes expired access tokens. Default is 1 minute.
atlassian.oauth2.provider.access.token.expiration.seconds
Default7776000 (90 days)
DescriptionMax lifetime of refresh tokens (seconds).
atlassian.oauth2.provider.invalidate.session.enabled
Defaulttrue
DescriptionInvalidates a session after a successful authentication using an OAuth token.
atlassian.oauth2.provider.validate.client.secret
Defaulttrue
DescriptionValidates the client ID and client secret when revoking and creating tokens.
atlassian.oauth2.provider.use.quotes.in.sql
Defaultfalse
Description

Controls whether to add quotes to SQL statements. This is a sanity system property used for database requirements.

PostgreSQL will always use quotes unless the atlassian.oauth2.provider.do.not.use.quotes.in.sql property (below) is enabled.

atlassian.oauth2.provider.do.not.use.quotes.in.sql
Defaultfalse
DescriptionControls whether to add quotes to SQL statements. This is a sanity system property used for database requirements.
atlassian.oauth2.provider.token.via.basic.authentication
Defaulttrue
DescriptionEnables extracting tokens through the basic authentication password field for access token authentication.
Last modified on Feb 2, 2022

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.