About OAuth access tokens
OAuth access tokens allow you to:
- Use a Jira gadget on an external, OAuth-compliant web application or website (also known as a 'consumer')
- Grant this gadget access to Jira data which is restricted or privy to your Jira user account.
Before you begin
Your Jira administrator must establish an OAuth relationship with this external web application or instance by approving it as an OAuth consumer. For example, if you want to add a Jira gadget to your Bamboo homepage and allow this gadget to access your restricted Jira data, then your Jira administrator must first approve Bamboo as an OAuth consumer.
The Jira gadget on the 'consumer' is granted access to your Jira data via an 'OAuth access token', which acts as a type of 'key'. As long as the consumer is in possession of this access token, the Jira gadget will be able to access Jira data that is both publicly available and privy to your Jira user account. You can revoke this access token at any time from your Jira user account, otherwise, all access tokens expire after seven days. Once the access token is revoked or has expired, the Jira gadget will only have access to publicly available data on your Jira instance.
An OAuth access token will only appear in your user profile if the following conditions have been met:
Your Jira Administrator has established an application link using OAuth between your Jira instance and the consumer. Jira Administrators should refer to Using AppLinks to link to other applications.
- You have accessed a Jira gadget on a consumer and have allowed this gadget access to your Jira data. See Issuing OAuth access tokens below for details on this process.
Issuing OAuth access tokens
An OAuth access token is issued by Jira to provide one of its gadgets on a consumer, access to your Jira data (that is, data which is restricted to your Jira user account).
- When you are using a Jira gadget on a consumer (such as Bamboo) and this gadget requires access to your Jira data, you will first be prompted to log in to Jira (if you have not already done so).
- Once you have logged in to Jira, you will be prompted with a 'Request for Access' message.
At this point, Jira is preparing to issue the Jira gadget (on the consumer) with an OAuth access token.
- To grant the gadget access to your Jira data, click the Approve Access button. The consumer application will receive the OAuth access token from your Jira instance. This access token is specific to this gadget and as long as the token resides with the gadget, your gadget will have access to your Jira data.
Revoking OAuth access tokens
You can revoke an OAuth access token to deny a Jira gadget on a consumer access to Jira data which is restricted to your Jira user account. You can only revoke OAuth access tokens that you have allowed Jira to issue previously.
- Select Your profile and settings (. ) > Settings
- Choose Manage apps in the Connected apps section at the bottom of the page.
- Your list of OAuth access tokens is presented in a tabular format, with each access token presented in separate rows and each property of these tokens presented in a separate column. Refer to the OAuth access token table details section below for more information about this table.
- Locate the Jira gadget and its associated consumer application whose OAuth access token you wish to revoke and click its Revoke OAuth Access Token link in the Actions column.
- You may be prompted to confirm this action. If so, click OK.
The gadget's access token is revoked and the Jira gadget on the consumer will only have access to publicly available Jira data.
OAuth access token table details
The name of the Jira gadget that was added on the consumer.
A description of this consumer application. This information would have been obtained from the consumer's own OAuth settings when an OAuth relationship was established between Jira and that consumer.
The date on which the OAuth access token was issued to the consumer by Jira. This would have occurred immediately after you approved this gadget access to your Jira data (privy to your Jira user account).
The date when the OAuth access token expires. This is seven days after the 'Issued On' date. When this date is reached, the access token will be automatically removed from this list.
The functionality for revoking the access token.