This page last changed on Apr 13, 2011 by smaddox.

OAuth is a protocol that allows one application to share a defined set of its private resources and data (through gadgets, for example) with another application. These applications could be a Confluence or JIRA site, or a website such as iGoogle. All applications involved must be OAuth-compliant. In Confluence, use Application Links to set up an OAuth relationship with another application.

Configuring OAuth Authentication

Application links are used to enable trust relationships between two applications. Linking two applications allows you to share information and access one application's functions from within the other. You can configure an application link to use OAuth as the authentication mechanism. For instructions, see Configuring OAuth Authentication for an Application Link.

About OAuth

Using OAuth, you can access data within a Confluence installation externally via a Confluence gadget published on a JIRA site's dashboard, another Confluence site's page, or a website like iGoogle. While some data in Confluence may be accessible anonymously on the external application, other data may be restricted to a specific user account within the Confluence installation. OAuth provides the facility to access this restricted data.

The key security advantage of OAuth is that Confluence's user-restricted resources can be shared without Confluence having to hand out user authentication details. Instead, access to these private resources is handled via an access token. Access tokens define what Confluence resources can be accessed by another application and the duration of this access. Access tokens are dissociated from a user's authentication details, since authentication to gain access to these resources is handled separately.

In OAuth terminology, an application that shares its resources is known as a service provider and an application that accesses a service provider's resources is known as a consumer.
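The access-token model described above, sketched from the service provider's side. This is an added example, not Confluence's or Application Links' own code: the class, method names, consumer key, username and resource names are all hypothetical, and request signing and the user-approval step are assumed to happen elsewhere.

```python
import hashlib
import secrets
import time


class AccessTokenStore:
    """Service-provider side token table (illustrative, in-memory)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._grants = {}  # SHA-256 of token -> grant record

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, consumer_key, provider_user, resources, ttl_seconds):
        """Called after the user has logged in to the provider and approved access."""
        token = secrets.token_urlsafe(32)  # random value; carries no credentials
        self._grants[self._digest(token)] = {
            "consumer": consumer_key,            # which consumer may present it
            "user": provider_user,               # provider-side account it acts as
            "resources": frozenset(resources),   # what may be accessed
            "expires": self._clock() + ttl_seconds,  # for how long
        }
        return token

    def authorize(self, token, consumer_key, resource):
        """Return the provider-side user to act as, or None to deny."""
        key = self._digest(token)
        grant = self._grants.get(key)
        if grant is None:
            return None
        if self._clock() >= grant["expires"]:
            del self._grants[key]  # expired grants are dropped on first use
            return None
        if grant["consumer"] != consumer_key or resource not in grant["resources"]:
            return None
        return grant["user"]

    def revoke(self, token):
        """Withdraw a grant without touching the user's password."""
        return self._grants.pop(self._digest(token), None) is not None
```

Because the grant records the provider-side account, the consumer never needs to know that account's password, and the person's username on the consumer plays no part in the check.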

Notes

  • OAuth relationships provide the ability to access restricted data on the service provider when an individual's usernames on the service provider and consumer applications are different. This is different to Trusted Application relationships, also provided via Application Links, where the usernames must be the same in both applications.
  • Not all external gadgets used in Confluence require the establishment of an OAuth relationship. If the gadget does not need to access restricted resources on the service provider, then there should be no need to establish an OAuth relationship.
  • For more information about OAuth, please refer to the OAuth protocol workflow section of our Gadgets and Dashboards documentation.

Related Topics

Configuring Application Links
Configuring OAuth Authentication for an Application Link

Document generated by Confluence on Sep 19, 2011 02:46