View and Revoke OAuth Access Tokens

Still need help?

The Atlassian Community is here for you.

Ask the community

OAuth access tokens allow you to use a Confluence gadget on an external web application or website (also known as the 'consumer') and grant this gadget access to Confluence data which is restricted or privy to your Confluence user account.

OAuth access tokens will only appear in your user profile if the following conditions have been met:

  1. Your Confluence Administrator has established an OAuth relationship between your Confluence site and the consumer. 
    Confluence Administrators should refer to Configuring OAuth for more information about establishing these OAuth relationships. 
  2. You have accessed a Confluence gadget on the consumer and have conducted the following tasks:
    1. Logged in to your Confluence user account via the gadget and then,
    2. Clicked the 'Approve Access' button to allow the gadget access to data that is privy to your Confluence user account.
      (info) Confluence will then send the consumer an OAuth 'access token', which is specific to this gadget. You can view the details of this access token from your Confluence site's user account.

On this page:

Related pages:

An OAuth access token acts as a type of 'key'. As long as the consumer is in possession of this access token, the Confluence gadget on the consumer will be able to access Confluence data that is both publicly available and privy to your Confluence user account. As a Confluence user, you can revoke this access token at any time. Furthermore, all access tokens expire after seven days. Once the access token is revoked or has expired, the Confluence gadget will only have access to publicly available Confluence data.

View your OAuth Access Tokens

To view all of your Confluence user account's OAuth access tokens:

  1. Choose your profile picture at top right of the screen, then choose Settings
  2. Click View OAuth Access Tokens. A view similar to screenshot below is displayed. Refer to OAuth Access Token Details below for information on interpreting this table.
    (info) If no access tokens have been set, then 'None specified' is shown.


Screenshot: Viewing your OAuth Access Tokens


OAuth Access Token Details

Your list of OAuth access tokens is presented in a tabular format, with each access token presented in separate rows and each property of these tokens presented in a separate columns:

Column Name

Description

Consumer

The name of the Confluence gadget that was added on the consumer.

Consumer Description

A description of this consumer application. This information would have been obtained from the consumer's own OAuth settings when an OAuth relationship was established between Confluence and that consumer.
(info) If the consumer is another Atlassian application, this information is obtained from the Consumer Info tab's 'Description' field of the OAuth Administration settings. The application's administrator can customize this Consumer Info detail.

Issued On

The date on which the OAuth access token was issued to the consumer by Confluence. This would have occurred immediately after you approved this gadget access to your Confluence data (privy to your Confluence user account).

Expires On

The date when the OAuth access token expires. This is seven days after the 'Issued On' date. When this date is reached, the access token will be automatically removed from this list.

Actions

The functionality for revoking the access token.

Revoke your OAuth Access Tokens

To revoke one of your OAuth access tokens:

  1. View your Confluence user account's OAuth access tokens (described above).
  2. Locate the Confluence gadget whose OAuth access token you wish to revoke and click Revoke OAuth Access Token next to it.
    The gadget's access token is revoked and the Confluence gadget on the consumer will only have access to publicly available Confluence data.
Last modified on May 25, 2023

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.