Remove OAuth Access Token for all users on an application that is no longer in use

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

This article will provide steps to remove an unwanted OAuth Access Token on all of your user profiles to an application that you no longer have access to.

This process should be applied when Confluence no longer has a direct link to the Application, but the application has not removed the link from your users. OAuth Access Token may remain active on Confluence side.

Environment

Confluence Server or Data Center

Solution

Always back up your data before making any database modifications. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.

This involves a restart of Confluence. Please make sure to perform the steps on a scheduled downtime or off business hours.

  1. Log into your Confluence database and run the following SQL query:

    1 select * from bandana where BANDANAKEY like '%com.atlassian.oauth.serviceprovider.ServiceProviderTokenStore.token%';

    This query will help us identify the OAuth Access token value on the bandanavalue column. Take note of this value

  2. Plan a scheduled downtime not to impact your business, or perform the steps during off-hours

  3. Shutdown Confluence;

  4. ⚠️Take a backup from your Confluence database in case we may need to revert it to its pre-delete statement state.

  5. Execute the below query:

    1 2 3 delete from BANDANA where BANDANAKEY like 'com.atlassian.oauth.serviceprovider.ServiceProviderTokenStore.token%' and bandanavalue like '%<VALUE_EXTRACTED_FROM_THE_1ST_STEP>%';

  6. Restart the application.

  7. The external application will be removed from all profiles.

Updated on April 24, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community