Documentation for JIRA 4.2. Documentation for other versions of JIRA is available too.

On this page:

About OAuth Access Tokens

OAuth access tokens allow you to:

  • Use a JIRA gadget on an external, OAuth-compliant web application or website (also known as a 'consumer')
    AND
  • Grant this gadget access to JIRA data which is restricted or privy to your JIRA user account.

Before this can happen, your JIRA administrator must establish an OAuth relationship with this external web application or site by approving it as an OAuth consumer. For example, if you want to add a JIRA gadget to your Bamboo homepage and allow this gadget to access your restricted JIRA data, then your JIRA administrator must first approve Bamboo as an OAuth consumer.

Next, the JIRA gadget on the 'consumer' is granted access to your JIRA data via an 'OAuth access token', which acts as a type of 'key'. As long as the consumer is in possession of this access token, the JIRA gadget will be able to access JIRA data that is both publicly available and privy to your JIRA user account. You can revoke this access token at any time from your JIRA user account, otherwise, all access tokens expire after seven days. Once the access token is revoked or has expired, the JIRA gadget will only have access to publicly available data on your JIRA site.

An OAuth access token will only appear in your user profile if the following conditions have been met:

  1. Your JIRA Administrator has established an OAuth relationship between your JIRA site and the consumer. JIRA Administrators should refer to Configuring OAuth for more information about establishing these OAuth relationships.

  2. You have accessed a JIRA gadget on a consumer and have allowed this gadget access to your JIRA data. See Issuing OAuth Access Tokens, below for details on this process.

Screenshot: Viewing your OAuth Access Tokens

Issuing OAuth Access Tokens

An OAuth access token is issued by JIRA to provide one of its gadgets on a consumer, access to your JIRA data (that is, data which is restricted to your JIRA user account).

To allow a JIRA gadget on a consumer, access your JIRA data,

  1. When you are using a JIRA gadget on a consumer (such as Bamboo) and this gadget requires access to your JIRA data, you will first be prompted to log in to JIRA (if you have not already done so).

  2. Once you have logged in to JIRA, you will be prompted with a 'Request for Access' message:

    Screenshot: Request for Access Message



    At this point, JIRA is preparing to issue the JIRA gadget (on the consumer) with an OAuth access token.

  3. To grant the gadget access to your JIRA data, click the 'Approve Access' button. The consumer application will receive the OAuth access token from your JIRA site. This access token is specific to this gadget and as long as the token resides with the gadget, your gadget will have access to your JIRA data.

Revoking OAuth Access Tokens

You can revoke an OAuth access token to deny a JIRA gadget on a consumer access to JIRA data which is restricted to your JIRA user account. You can only revoke OAuth access tokens that you have allowed JIRA to issue previously.

To prevent a JIRA gadget on a consumer, from accessing your JIRA data,

  1. Click your user name at the top-right of the page to open your User Profile at the 'Summary' tab page.

  2. Click the 'Tools' menu and select the 'View OAuth Access Tokens' menu item.

  3. The 'OAuth Access Tokens' page will be displayed.

    Screenshot: Viewing your OAuth Access Tokens



    Your list of OAuth access tokens is presented in a tabular format, with each access token presented in separate rows and each property of these tokens presented in a separate columns. Refer to the OAuth Access Token Table Details section below for more information about this table.

  4. Locate the JIRA gadget and its associated consumer application whose OAuth access token you wish to revoke and click its 'Revoke OAuth Access Token' link in the 'Actions' column.

  5. You may be prompted to confirm this action. If so, click the 'OK' button.



    The gadget's access token is revoked and the JIRA gadget on the consumer will only have access to publicly available JIRA data.

OAuth Access Token Table Details

Column Name

Description

Consumer

The name of the JIRA gadget that was added on the consumer.

Consumer Description

A description of this consumer application. This information would have been obtained from the consumer's own OAuth settings when an OAuth relationship was established between JIRA and that consumer.
(info) If the consumer is another Atlassian application, this information is obtained from the Consumer Info tab's 'Description' field of the OAuth Administration settings. The application's administrator can customise this Consumer Info detail.

Issued On

The date on which the OAuth access token was issued to the consumer by JIRA. This would have occurred immediately after you approved this gadget access to your JIRA data (privy to your JIRA user account).

Expires On

The date when the OAuth access token expires. This is seven days after the 'Issued On' date. When this date is reached, the access token will be automatically removed from this list.

Actions

The functionality for revoking the access token.

  • No labels



Log a request with our support team.



Raise an issue for our developers.



See answers from the community.



Tweet, blog and update our documentation.

Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.