What is OAuth?

OAuth is a protocol that allows one application to share a finite set of its private resources and data (through gadgets, for example) with another application. These applications could be a Confluence or JIRA site, or a website such as iGoogle. However, all applications involved must be OAuth-compliant.

Using OAuth, you can access data within a Confluence installation externally, via a Confluence gadget published on a JIRA site's dashboard, another Confluence site's page, or a website like iGoogle. While some data in Confluence may be accessible anonymously on the external application, other data may be restricted to a specific user account within the Confluence installation. OAuth provides the facility to access this restricted data.

The key security advantage of OAuth is that Confluence's user-restricted resources can be shared without Confluence having to hand out user authentication details. Instead, access to these private resources is handled via an 'access token'. Access tokens define what Confluence resources (which are typically based on access privileges) can be accessed by another application and the duration of this access. However, access tokens are dissociated from a user's authentication details, since authentication to gain access to these resources is handled separately.

In OAuth terminology, an application that shares its resources is known as a service provider and an application that accesses a service provider's resources is known as a consumer.

For more information about OAuth, please refer to the OAuth protocol workflow section of our Gadgets and Dashboards documentation. It is important to understand this workflow before establishing OAuth relationships between your Confluence installation and other external web applications (either Atlassian or non-Atlassian ones).

Important information about establishing OAuth relationships for gadgets


If you wish to use a gadget served by any Atlassian application and require this gadget to access data which is restricted to a user account on that application, then either a Trusted Application or OAuth relationship between the service provider and consumer application must be established first.

Alternatively, if the gadget is served by an Atlassian application which supports Atlassian's Trusted Applications feature (for example, JIRA, Confluence or Bamboo), you can establish a Trusted Applications relationship instead of an OAuth one. Bear in mind that in Trusted Application relationships, you can only access data restricted to a user account on the service provider if:

1. The usernames of user accounts on the service provider and consumer applications match.
2. The user has already logged in to the consumer application.

Unlike Trusted Application relationships, OAuth relationships provide the ability to access restricted data on the service provider when an individual's usernames on the service provider and consumer applications are different. This is because authentication is part of the OAuth protocol workflow.
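
The contrast above can be seen in a simplified model, added here as an illustration and not taken from Confluence or any Atlassian code. The class, method names, usernames and resources are all hypothetical; the model shows a token that carries the resource set and lifetime while the consumer never sees credentials, and a Trusted-Application-style lookup that fails when usernames differ.

```python
import secrets
import time

class ServiceProvider:
    """Toy service provider; every name and record here is constructed."""

    def __init__(self):
        # Restricted resources keyed by (provider-side username, resource name).
        self.restricted = {("john.smith", "tasks"): ["Review page draft"],
                           ("john.smith", "drafts"): ["Q3 plan"]}
        self.tokens = {}  # access token -> (provider user, allowed resources, expiry)

    def authorize(self, provider_user, resources, ttl_seconds, now=None):
        """Runs after the user has authenticated to the provider directly.
        The consumer receives only the returned token, never the credentials."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (provider_user, frozenset(resources), now + ttl_seconds)
        return token

    def fetch_with_token(self, token, resource, now=None):
        """OAuth-style access: the token alone selects user, scope and lifetime."""
        now = time.time() if now is None else now
        grant = self.tokens.get(token)
        if grant is None:
            raise PermissionError("unknown token")
        user, allowed, expires_at = grant
        if now >= expires_at:
            del self.tokens[token]  # expired grants are dropped
            raise PermissionError("token expired")
        if resource not in allowed:
            raise PermissionError("resource not covered by token")
        return self.restricted[(user, resource)]

    def fetch_trusted(self, consumer_username, resource):
        """Trusted-Application-style access: the consumer asserts a username,
        which must match an account name on the provider."""
        try:
            return self.restricted[(consumer_username, resource)]
        except KeyError:
            raise PermissionError("no matching account on service provider")
```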

Not all external gadgets used in Confluence require the establishment of an OAuth relationship. If the gadget does not need to access restricted resources on the service provider, then there should be no need to establish an OAuth relationship.

The instructions in this section provide information on how to establish an OAuth relationship between your Confluence site and another web application's site. They can apply whether Confluence is the consumer or the service provider in the OAuth relationship.

Accessing and Using Confluence's OAuth Administration Page

Confluence's OAuth Administration section, which handles the establishment of OAuth relationships between consumer and service provider web applications, is found in the Administration Console area of Confluence.

To access Confluence's OAuth Administration page:

  1. Go to the Confluence 'Administration Console'. To do this:

    • Open the 'Browse' menu and select 'Confluence Admin'. The 'Administrator Access' login screen will be displayed.
    • Enter your password and click 'Confirm'. You will be temporarily logged into a secure session to access the 'Administration Console'.
  2. Click 'OAuth' from the 'Administration' section in the left navigation panel to open the 'OAuth Administration' page. On this page:
    • Click the 'Consumers' tab to configure consumer applications that will be accessing your Confluence installation's resources (such as Confluence's gadgets). Refer to Configuring OAuth Consumers for more information.
    • Click the 'Consumer Info' tab to view or edit your Confluence installation's Consumer information. Refer to Configuring OAuth Consumer Information for more information.
    • Click the 'Service Providers' tab to configure service providers whose resources your Confluence installation will be using. Refer to Configuring OAuth Service Providers for more information.
      Note: In the documentation links above, 'your Atlassian application' refers to your Confluence installation.