This page last changed on Dec 07, 2009 by ggaskell.

What is OAuth?

OAuth is a protocol that allows a web application to share a finite set of its private resources and data (through gadgets, for example) with another OAuth-compliant application. Such an application could be a Confluence site, a JIRA site or a website such as iGoogle.

Using OAuth, you can access data within a Confluence installation externally, such as on a JIRA site's dashboard, another Confluence site's page, or a website like iGoogle. This would be done via a gadget supplied by Confluence. While some data in Confluence may be accessible anonymously on the external application, other data may only be available to a specific user account within the Confluence installation. OAuth provides this capability.

The key security advantage of OAuth is that a web application's resources, which are only available to a specific user, can be shared without the web application having to hand out the user's authentication details. Instead, access to these private resources is handled via an 'access token'. Access tokens typically define what web application resources (usually based on user account privileges) can be accessed by another application and the duration of this access. However, access tokens are dissociated from a user's authentication details, since authentication to gain access to these resources is handled separately.

In OAuth terminology, an application that shares its resources is known as a service provider and an application that accesses a service provider's resources is known as a consumer.

For more information about OAuth, please refer to the OAuth protocol workflow section of our Gadgets and Dashboards documentation. It is important to understand this workflow before establishing OAuth relationships between your Confluence installation and other external web applications (either Atlassian or non-Atlassian ones).

Important information about establishing OAuth relationships for gadgets

If you wish to use a gadget served by any Atlassian application and access data restricted to a user account on that application, then an OAuth relationship between the service provider and consumer application should be established first.

Alternatively, if the gadget is served by an Atlassian application that supports Atlassian's Trusted Applications feature (for example, JIRA, Confluence or Bamboo), you can establish a Trusted Applications relationship instead of an OAuth one. Bear in mind that in Trusted Application relationships, you can only access data restricted to a user account on the service provider if:

1. The usernames of user accounts on the service provider and consumer applications match.
2. The user has logged in to the consumer application.

An OAuth relationship provides an individual with access to restricted data on the service provider even if their usernames on the service provider and consumer applications differ, since authentication is part of the OAuth protocol workflow.
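
The following sketch is an added example, not Atlassian code. It models only the access-token properties described under 'What is OAuth?' and the username contrast above, not the full OAuth protocol workflow. The class, method, account and resource names are all hypothetical.

```python
import secrets
import time


class ServiceProvider:
    """Toy service provider; account data and resource names are constructed."""

    def __init__(self, accounts):
        self._accounts = accounts  # provider username -> password (stand-in for real login)
        self._grants = {}          # token -> (username, consumer, resources, expiry)

    def authorize(self, username, password, consumer, resources, ttl, now=None):
        """User authenticates at the provider; only the token goes to the consumer."""
        now = time.time() if now is None else now
        stored = self._accounts.get(username)
        if stored is None or not secrets.compare_digest(stored, password):
            raise PermissionError("authentication failed")
        token = secrets.token_urlsafe(32)
        self._grants[token] = (username, consumer, frozenset(resources), now + ttl)
        return token

    def fetch(self, token, consumer, resource, now=None):
        """Serve a resource only if the token covers it, for this consumer, in time."""
        now = time.time() if now is None else now
        grant = self._grants.get(token)
        if grant is None:
            raise PermissionError("unknown token")
        username, bound_consumer, resources, expiry = grant
        if consumer != bound_consumer:
            raise PermissionError("token issued to a different consumer")
        if now >= expiry:
            del self._grants[token]  # expired grants are dropped
            raise PermissionError("token expired")
        if resource not in resources:
            raise PermissionError("resource not covered by token")
        return f"{resource} as {username}"

    def trusted_app_fetch(self, consumer_username, resource):
        """Trusted Applications style: works only when usernames match."""
        if consumer_username not in self._accounts:
            raise PermissionError("no matching username on service provider")
        return f"{resource} as {consumer_username}"


if __name__ == "__main__":
    sp = ServiceProvider({"jsmith": "constructed-password"})
    # The same person is "john.smith" on the consumer; the token is bound to "jsmith".
    tok = sp.authorize("jsmith", "constructed-password", "jira-dashboard", {"page:42"}, ttl=3600)
    print(sp.fetch(tok, "jira-dashboard", "page:42"))
```

The consumer holds only the token: it is limited to the listed resources, bound to one consumer, and stops working once it expires, while the password is checked solely by the service provider.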

Not all external gadgets used in Confluence require the establishment of an OAuth relationship. If the gadget does not need to access restricted resources on the service provider, then there should be no need to establish an OAuth relationship.

The instructions in this section provide information on how to establish an OAuth relationship between your Confluence site and another web application's site. This could apply to instances where Confluence acts as either the consumer or service provider in the relationship.

Accessing and Using Confluence's OAuth Administration Page

Confluence's OAuth Administration section, which handles the establishment of OAuth relationships between consumer and service provider web applications, is found in the Administration Console area of Confluence.

To access Confluence's OAuth Administration page:

  1. Go to the Confluence 'Administration Console'. To do this:

    • Open the 'Browse' menu and select 'Confluence Admin'. The 'Administration Console' view will open.
  2. Click 'OAuth' from the 'Administration' section on the left navigation panel.

To use the OAuth administration page:

  • On the 'OAuth Administration' page:
    • Click the 'Consumers' tab to configure consumer applications that will be accessing the resources of your Atlassian application. Refer to Configuring OAuth Consumers for more information.
    • Click the 'Consumer Info' tab to view or edit your Atlassian application's Consumer information. Refer to Configuring OAuth Consumer Information for more information.
    • Click the 'Service Providers' tab to configure service providers whose resources your Atlassian application will be consuming. Refer to Configuring OAuth Service Providers for more information.

In the procedure above (and the documentation it refers to), 'your Atlassian application' refers to your Confluence installation.

Document generated by Confluence on Dec 10, 2009 18:41