This page describes the purpose of OAuth access tokens which have been issued on behalf of your Confluence user account and provides instructions on how to revoke them.
On this page:
OAuth Access Tokens
OAuth access tokens allow you to use a Confluence gadget on an external web application or website (also known as the 'consumer') and grant this gadget access to Confluence data which is restricted or privy to your Confluence user account.
OAuth access tokens will only appear in your user profile if the following conditions have been met:
- Your Confluence Administrator has established an OAuth relationship between your Confluence site and the consumer. Confluence Administrators should refer to Configuring OAuth for more information about establishing these OAuth relationships.
- You have accessed a Confluence gadget on the consumer and have conducted the following tasks:
- Logged in to your Confluence user account via the gadget and then,
- Clicked the 'Approve Access' button to allow the gadget access to data that is privy to your Confluence user account.
Confluence will then send the consumer an OAuth 'access token', which is specific to this gadget. You can view the details of this access token from your Confluence site's user account.
An OAuth access token acts as a type of 'key'. As long as the consumer is in possession of this access token, the Confluence gadget on the consumer will be able to access Confluence data that is both publicly available and privy to your Confluence user account. As a Confluence user, you can revoke this access token at any time. Furthermore, all access tokens expire after seven days. Once the access token is revoked or has expired, the Confluence gadget will only have access to publicly available Confluence data.
Viewing your OAuth Access Tokens
To view all of your Confluence user account's OAuth access tokens,
-
Go to the 'Settings' view for your user profile. To do this:
- Log in to Confluence, if you have not already done so.
- Go to your name at the top of the page. (This is the 'User' menu. A dropdown list will appear when your cursor hovers over the 'User' menu.)
- Select 'Settings' from the dropdown list. The 'Settings' view will open.
- Click the 'View OAuth Access Tokens' link. A view similar to screenshot below is displayed. Refer to OAuth Access Token Details below for information on interpreting this table.
If no access tokens have been set, then 'None specified' is shown.
Screenshot: Viewing your OAuth Access Tokens
OAuth Access Token Details
Your list of OAuth access tokens is presented in a tabular format, with each access token presented in separate rows and each property of these tokens presented in a separate columns:
Column Name |
Description |
---|---|
Consumer |
The name of the Confluence gadget that was added on the consumer. |
Consumer Description |
A description of this consumer application. This information would have been obtained from the consumer's own OAuth settings when an OAuth relationship was established between Confluence and that consumer. |
Issued On |
The date on which the OAuth access token was issued to the consumer by Confluence. This would have occurred immediately after you approved this gadget access to your Confluence data (privy to your Confluence user account). |
Expires On |
The date when the OAuth access token expires. This is seven days after the 'Issued On' date. When this date is reached, the access token will be automatically removed from this list. |
Actions |
The functionality for revoking the access token. |
Revoking your OAuth Access Tokens
To revoke one of your OAuth access tokens,
- View your Confluence user account's OAuth access tokens (described above).
- Locate the Confluence gadget whose OAuth access token you wish to revoke and click the 'Revoke OAuth Access Token' link next to it.
The gadget's access token is revoked and the Confluence gadget on the consumer will only have access to publicly available Confluence data.