View and Revoke OAuth Access Tokens
OAuth access tokens allow you to use a Confluence gadget on an external web application or website (also known as the 'consumer') and grant this gadget access to Confluence data which is restricted or privy to your Confluence user account.
OAuth access tokens will only appear in your user profile if the following conditions have been met:
- Your Confluence Administrator has established an OAuth relationship between your Confluence site and the consumer.
Confluence Administrators should refer to Configuring OAuth for more information about establishing these OAuth relationships. - You have accessed a Confluence gadget on the consumer and have conducted the following tasks:
- Logged in to your Confluence user account via the gadget and then,
- Clicked the 'Approve Access' button to allow the gadget access to data that is privy to your Confluence user account.
Confluence will then send the consumer an OAuth 'access token', which is specific to this gadget. You can view the details of this access token from your Confluence site's user account.
An OAuth access token acts as a type of 'key'. As long as the consumer is in possession of this access token, the Confluence gadget on the consumer will be able to access Confluence data that is both publicly available and privy to your Confluence user account. As a Confluence user, you can revoke this access token at any time. Furthermore, all access tokens expire after seven days. Once the access token is revoked or has expired, the Confluence gadget will only have access to publicly available Confluence data.
View your OAuth Access Tokens
To view all of your Confluence user account's OAuth access tokens:
- Choose your profile picture at top right of the screen, then choose Settings
- Click View OAuth Access Tokens. A view similar to screenshot below is displayed. Refer to OAuth Access Token Details below for information on interpreting this table.
If no access tokens have been set, then 'None specified' is shown.
Screenshot: Viewing your OAuth Access Tokens
OAuth Access Token Details
Your list of OAuth access tokens is presented in a tabular format, with each access token presented in separate rows and each property of these tokens presented in a separate columns:
Column Name | Description |
|---|---|
Consumer | The name of the Confluence gadget that was added on the consumer. |
Consumer Description | A description of this consumer application. This information would have been obtained from the consumer's own OAuth settings when an OAuth relationship was established between Confluence and that consumer. |
Issued On | The date on which the OAuth access token was issued to the consumer by Confluence. This would have occurred immediately after you approved this gadget access to your Confluence data (privy to your Confluence user account). |
Expires On | The date when the OAuth access token expires. This is seven days after the 'Issued On' date. When this date is reached, the access token will be automatically removed from this list. |
Actions | The functionality for revoking the access token. |
Revoke your OAuth Access Tokens
To revoke one of your OAuth access tokens:
- View your Confluence user account's OAuth access tokens (described above).
- Locate the Confluence gadget whose OAuth access token you wish to revoke and click Revoke OAuth Access Token next to it.
The gadget's access token is revoked and the Confluence gadget on the consumer will only have access to publicly available Confluence data.