This page last changed on Oct 05, 2009 by rosie@atlassian.com.

An OAuth 'consumer' is an application that accesses ('consumes') data from another application. When you add an OAuth consumer in JIRA, you are allowing the consumer application to access JIRA's data. For example, if you want your users to be able to add JIRA gadgets to their iGoogle homepages, then you will need to add iGoogle as an OAuth consumer.

OAuth consumers are a potential security risk. Do not add an OAuth consumer unless you trust all code in the consumer application to behave itself at all times.

Please see the information below for instructions on adding and removing OAuth consumer information for JIRA. Additional information is also available in our Gadgets and Dashboards documentation.

Adding an OAuth consumer

Before you begin: Note that adding an OAuth consumer requires the transmission of sensitive data. To prevent 'man-in-the-middle' attacks, it is recommended that you use SSL while adding an OAuth consumer.

To add an OAuth consumer,

  1. Log in as a user with the 'JIRA System Administrators' global permission.
  2. Bring up the administration page by clicking either the 'Administration' link on the top bar or the title of the Administration box on the dashboard.
  3. In the left-hand panel, under the title 'System', click the 'OAuth' link. The 'OAuth Administration' page will be displayed, showing a list of configured OAuth Consumers (if any exist).
  4. Click the 'Add OAuth Consumer' link at the bottom of the list. The 'Add Consumer' page will be displayed:
    Screenshot: Adding an OAuth Consumer
  5. Do one of the following:
    • If the consumer is another Atlassian application (e.g. Bamboo), type the consumer's root URL in the 'Consumer Base URL' field (e.g. "http://bamboo.mycompany.com"), so that JIRA can automatically look up the consumer's details for you;
      OR:
    • Enter the consumer's details yourself:
      1. 'Consumer Key' — Type the consumer's unique identifier (e.g. for iGoogle, type "www.google.com").
      2. 'Name' — Type a short name that is meaningful to you and your end-users (e.g. "iGoogle").
      3. 'Description' (optional) — Type a longer description if you wish.
      4. 'Public Key' — Paste the consumer's RSA certificate, e.g. you can copy the iGoogle one from here: http://code.google.com/apis/gadgets/docs/oauth.html#rsa.
      5. 'Callback URL' (optional) — Type the URL of the page that JIRA will redirect to after an end-user has approved the OAuth request, to let the consumer application (e.g. iGoogle) know about the result of the approval. E.g. for iGoogle, type "http://oauth.gmodules.com/gadgets/oauthcallback".
  6. Click the 'Add' button. You can edit any of these fields (apart from the 'Consumer Key') after the consumer has been added.
Individual users can allow/deny OAuth consumers in their User Profile settings.
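
Added example (not part of the original page and not Atlassian code): before pasting a certificate into the 'Public Key' field, an administrator can inspect it with OpenSSL and confirm the printed subject and fingerprint with the consumer's operator over a separate channel. The function names, the sample subject and the 2048-bit / 30-day thresholds are assumptions chosen for illustration, not JIRA requirements.

```shell
# Added example, not JIRA code. Thresholds are assumptions, not JIRA requirements.
# Usage: check_consumer_cert CERT.pem [MIN_BITS] [MIN_DAYS_LEFT]
check_consumer_cert() {
  local cert="$1" min_bits="${2:-2048}" min_days="${3:-30}" text bits

  # The file must parse as a PEM-encoded X.509 certificate.
  if ! text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null); then
    echo "FAIL: $cert is not a readable PEM certificate" >&2
    return 1
  fi

  # Values to confirm out of band with whoever operates the consumer.
  openssl x509 -in "$cert" -noout -subject -dates -fingerprint -sha256

  # The 'Public Key' field expects an RSA certificate; reject other key types.
  if ! printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption'; then
    echo "FAIL: key is not RSA" >&2
    return 2
  fi

  # Key length as printed by OpenSSL, e.g. "Public-Key: (2048 bit)".
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
  if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
    echo "FAIL: RSA key is ${bits:-unknown} bits, want >= $min_bits" >&2
    return 3
  fi

  # -checkend exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "FAIL: certificate expires within $min_days days" >&2
    return 4
  fi
  echo "OK: RSA $bits bits, valid for at least $min_days more days"
}

# Constructed sample input: a throwaway self-signed certificate (hypothetical subject).
make_sample_cert() {   # make_sample_cert OUT.pem [BITS] [DAYS]
  openssl req -x509 -newkey "rsa:${2:-2048}" -nodes -keyout "$1.key" \
    -subj "/CN=consumer.example.test" -days "${3:-365}" -out "$1" 2>/dev/null
  rm -f "$1.key"
  [ -s "$1" ]
}

# When run as a script with a path argument, check that file.
if [ -n "${1:-}" ]; then check_consumer_cert "$@"; fi
```

A non-zero return code identifies which check failed: 1 unreadable, 2 not RSA, 3 key too short, 4 expiring too soon.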

Removing an OAuth consumer

To remove an OAuth consumer,

  1. Log in as a user with the 'JIRA System Administrators' global permission.
  2. Bring up the administration page by clicking either the 'Administration' link on the top bar or the title of the Administration box on the dashboard.
  3. In the left-hand panel, under the title 'System', click the 'OAuth' link. The 'OAuth Administration' page will be displayed, showing a list of configured OAuth Consumers.
  4. Locate the consumer that you wish to remove and click the 'Remove' link next to it. A confirmation message will display.
  5. Confirm the removal of the consumer. Any request tokens created by this consumer application will be removed and the application will no longer be able to access JIRA's data/resources.

Document generated by Confluence on Oct 06, 2009 00:26