Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

OAuth 2.0 in Jira Data Center – Client ID and Client Secret for Multiple Users

AutomationUIUser
June 30, 2026

Hi everyone,

I'm implementing OAuth 2.0 for a Jira Data Center application and have a question about how the client credentials work in a multi-user environment.

From what I understand, an OAuth provider is configured once in Jira Data Center, which generates a Client ID and Client Secret.

I would like to confirm the following:

  1. Is the same Client ID and Client Secret used for all users who authorize the application?
  2. Or are separate Client IDs and Client Secrets generated for each user?
  3. If the Client ID and Client Secret are shared, are the authorization code, access token, and refresh token the only user-specific credentials?
  4. What is the recommended approach for securely implementing OAuth 2.0 when multiple users authenticate against the same Jira Data Center instance?

I want to make sure my implementation follows the recommended best practices for Jira Data Center.

Thanks in advance for your help!

1 answer

0 votes
Gor Greyan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
June 30, 2026

Hi @AutomationUIUser

Thanks for the question.

Based on my experience, I'd recommend configuring a single OAuth 2.0 application in Jira Data Center and using that for all users.

The Client ID and Client Secret belong to the application itself, so they're shared by everyone who authorizes it. Jira doesn't create a separate Client ID or Client Secret for each user.

What is unique to each user are the authorization code, access token, and refresh token. Each user needs to complete the OAuth authorization flow once, after which your application should securely store their tokens and use them for future requests on that user's behalf.

This is the standard OAuth 2.0 approach and is the one I'd recommend for a multi-user integration. Just make sure to keep the Client Secret on the server side and never expose it in client-side code.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events