This page provides an introduction to the 'Consumer Info' section of an Atlassian application's OAuth administration page. It also shows you how to edit this information.
You should be familiar with Atlassian's implementation of the OAuth protocol (refer to the Introduction to OAuth) before reading the information on this page.
The 'Consumer Info' page contains information that identifies your Atlassian application (as a consumer) to a service provider application. If you require your Atlassian application to access the resources of a service provider, which could be another Atlassian application, the service provider could obtain and keep a record your Atlassian application's consumer information for identification purposes. As long as this record is kept by the service provider, your Atlassian application should have permission to access the service provider's resources via OAuth. If the service provider is another Atlassian application, then the administrator of that service provider can add your Atlassian application as a consumer via the 'Consumers' tab of their OAuth administration page.
Be aware that your Atlassian application's OAuth consumer information is only useful if a service provider's OAuth administration features are capable of obtaining and recording this consumer information. If, however, a service provider does not possess these features, then you must obtain a 'consumer key' and 'shared secret' from the service provider and establish an OAuth relationship with that service provider via your Atlassian application's 'Service Providers' tab.
An Atlassian application's OAuth consumer information consists of the following components, all of which are used by the service provider to identify your Atlassian application as a consumer of its resources:
- Consumer Key — For Atlassian applications, this usually takes the form of the application name, followed by a colon and then a series of digits. This is automatically generated by your Atlassian application and cannot be customised.
- Name — Any short, descriptive name that helps the administrator of your service provider identify your Atlassian application instance as a consumer. This component is editable.
- Description — Any brief description of your Atlassian application instance. Be aware that your service providers may choose to show this information to their users. This component is editable.
- Public Key — A complex string of characters (self-signed certificate) that is used to prove the identity of your Atlassian application to a service provider via a digital signature. This is automatically generated by your Atlassian application and cannot be customised.
- Callback URL — This is the URL that users will be directed to after they approve or deny the OAuth request. A consumer application usually supplies its own callback URL when receiving an OAuth request token. However, if the consumer application does not provide its own callback URL, this URL will be used instead.
Viewing or Editing Your Atlassian Application's OAuth Consumer Information
The OAuth Consumer Information page shows your Atlassian application's current consumer information and also allows you to edit it.
To view or edit your Atlassian application's OAuth consumer information,
- On the 'OAuth Administration' page, click the 'Consumer Info' tab to view your Atlassian application's current consumer information.
- To edit the current consumer information:
- Click the 'Edit' link at the end of the consumer information page.
- In the 'Name' field, provide a short, descriptive name that will help the administrator of your service provider identify your Atlassian application instance as a consumer. This is the only editable field on this page that is mandatory.
- In the 'Description' field, provide a brief description of your Atlassian application instance.
Your service providers may choose to show this information to their users.
- In the 'Callback URL' field, add a URL that users will be directed to after they approve or deny the OAuth request. In most situations, this field can be left blank, as the consumer application usually supplies its own callback URL when receiving an OAuth request token.