Cloud
Data Center 9.1
Versions

Configure OAuth 2.0 for Confluence iOS

Confluence Mobile

On this page

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

This feature is available for iOS only because Android supports client certificates out of the box. Both Mobile Device Management (MDM) and non-MDM users can use this feature.

Starting from Confluence Data Center iOS mobile app 2.0, you can use the OAuth 2.0 authentication flow to:

  • improve your Confluence’s security

  • improve session restoration

  • support Fast IDentity Online 2 (FIDO2) and other certificate-based authentication standards.


On this page:


Before you begin

The Confluence Data Center iOS mobile app acts as the OAuth client, while Confluence itself is the OAuth provider API. The iOS app uses an authorization code with the Proof Key for Code Exchange (PKCE) flow.

OAuth 2.0 is compatible with Confluence 9.1 and later via the OAuth plugin 4.1.1 and later.

Mobile Device Management (MDM) setup

To use the OAuth 2.0 flow with the MDM setup, first you need to configure OAuth, and then integrate it with your instance.

Configure OAuth 2.0

To configure OAuth 2.0 for MDM, create an incoming Application link:

  1. Go to Settings, then General Configuration, and then Confluence mobile app.

  2. Select Create link and use the following properties:

    1. For Application type, use External application.

    2. For Direction, use Incoming.

  3. Select Continue. On the next page, use only these properties:

    1. Redirect URL: confluence-server://oauth-callback

    2. Permission: WRITE

  4. Save the changes.

Confluence will generate the OAuth credentials that include these details. More about configuring incoming links

After Confluence generates the OAuth credentials, pre-populate site URLs on the login screen.

If MDM is already set up for Confluence Data Center iOS mobile app, make sure you have the following configuration for the site details.

[
{ "title": "My Confluence Site", "baseURL": "https://confluence.example.com"}
]

Integrate OAuth 2.0

To integrate OAuth with your instance, use the configuration below, where:

  • For the clientID , use the Application link you’ve just created.

  • The value cacheSessionInMobileBrowser is a Bool flag(true or false) indicating whether the mobile browser utilized for authentication should be cached.

[
{ "title": "My Confluence Site", "baseURL": "https://confluence.example.com", "oauth": { "clientID": "your_clientID", "cacheSessionInMobileBrowser": false } }
]

Save your changes. Before deploying the app configuration updates to your users, we recommend accessing the Confluence Data Center mobile app on a device to ensure the details are accurately captured. You'll get an error if the app can't display your sites list

Non-Mobile Device Management (MDM) setup

In case you want to use the OAuth 2.0 flow without MDM, you can use Confluence Mobile plugin for passing client credentials. Make sure you use this feature with the compatible Confluence version. For Confluence 9.1 or later, use Confluence Mobile Plugin 19.1.47 or later.

Client credentials will be passed via this endpoint: [base-url]/rest/nativemobile/1.1/info/login. Make sure that the info/login endpoint is unauthenticated in your environment.

If your instance has a reverse proxy that redirects unauthenticated requests, you’ll need to use the MDM setup. In this scenario, you don’t need to create an Application link manually. Instead, Confluence Mobile Plugin will do everything by itself. To activate OAuth 2.0 without MDM:

  1. Go to Settings, then General Configuration, and then Confluence mobile app.

  2. Turn on OAuth 2.0.

Now, the iOS devices will use the OAuth 2.0 protocol.


Last modified on Oct 7, 2024

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.