Issue in requesting authorization code using OAuth2 in Confluence server

Kai Gao December 14, 2022

When we try to set up OAuth2 authentication in the Confluence on-prem server using the steps below, we get an invalid_request error when requesting the authorization code.

To create an incoming link:

  1. Log in to the Confluence on-prem server and go to image007.png > General Configuration > Application links.
  2. Select Create link.
  3. Select External application, and then choose Incoming as the direction.

  4. After this we'll get the client ID and client secret of the application link.

  5. Request the authorization code by redirecting the user to the /rest/oauth2/latest/authorize page with the URL:

https://confluence.integ.us-west-2.beta.kendra.aws.a2z.com/plugins/servlet/oauth2/consent?client_id=7a8aeab250b334901ac54271d09e2fbc&redirect_uri=https://confluence.integ.us-west-2.beta.kendra.aws.a2z.com&response_type=code&scope=READ&code_challenge_method=plain&code_challenge=code_verifier

  6. This is the consent screen that asks the user to approve the application's request to access their account with the scopes specified in scope. The user is then redirected to the URL specified in redirect_uri. The redirect includes the authorization code.

  7. Clicking the Allow button results in the error message below, and we don't get the authorization code.

What should we put in the code_challenge_method and code_challenge query parameters in the Step 5 URL? Currently, we use the code_challenge_method=plain&code_challenge=code_verifier parameters, and when we checked the logs in the <confluence_installation_directory>/logs/catalina.log file we didn't find any error there, so where do we need to check the Confluence logs for the above error?

  8. When we use the authorization URL below, skipping the code_challenge_method and code_challenge query parameters, we get the authorization code and the consent screen as well.

https://confluence.integ.us-west-2.beta.kendra.aws.a2z.com/plugins/servlet/oauth2/consent?client_id=7a8aeab250b334901ac54271d09e2fbc&redirect_uri=https://confluence.integ.us-west-2.beta.kendra.aws.a2z.com&response_type=code&scope=READ

  9. When we click the Allow button, we get the authorization code.

Authorization Code : 5f18a5e72580bad5e0d6b4983e97bacb

  10. With the authorization code returned from the previous request, we can request an access_token with Postman, and in this step we get another error like:

"The server could not perform this operation - please check application logs."

When we checked the logs in the <confluence_installation_directory>/logs/catalina.log file we didn't find any error there, so where do we need to check the Confluence logs for the error?

We are referring to this documentation to set up OAuth2 authentication on the Confluence on-prem server.

We would appreciate it if you could point us in the right direction on how to resolve this issue and set up OAuth2 authentication on the Confluence on-prem server.

0 answers
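
On the code_challenge_method and code_challenge question in the post: the sketch below is an added example, not part of the original post and not Atlassian's code. It builds the two values as RFC 7636 (PKCE) defines them and mirrors the check an authorization server makes at the token step. RFC 7636 requires a code_verifier of 43 to 128 unreserved characters, while the literal string code_verifier used in the Step 5 URL is 13 characters; whether Confluence enforces that rule is not stated on this page. The base URL, client ID and the state parameter passed by the caller are assumptions.

```python
import base64
import hashlib
import hmac
import re
import secrets
from urllib.parse import urlencode

# RFC 7636 section 4.1: verifier is 43-128 chars from the unreserved set.
VERIFIER_RE = re.compile(r"[A-Za-z0-9._~-]{43,128}")


def new_code_verifier() -> str:
    """32 random bytes, base64url without padding: 43 characters."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()


def code_challenge(verifier: str, method: str = "S256") -> str:
    """Value for the code_challenge query parameter."""
    if not VERIFIER_RE.fullmatch(verifier):
        raise ValueError("code_verifier must be 43-128 unreserved characters")
    if method == "plain":
        return verifier
    if method != "S256":
        raise ValueError("code_challenge_method must be plain or S256")
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def authorize_url(base_url, client_id, redirect_uri, scope, verifier, state):
    """Authorization request carrying only the challenge, never the verifier."""
    query = urlencode({
        "client_id": client_id, "redirect_uri": redirect_uri,
        "response_type": "code", "scope": scope, "state": state,
        "code_challenge_method": "S256",
        "code_challenge": code_challenge(verifier),
    })
    return f"{base_url}/rest/oauth2/latest/authorize?{query}"


def server_accepts(verifier: str, stored_challenge: str, method: str) -> bool:
    """What an authorization server checks at the token step (RFC 7636 4.6)."""
    try:
        derived = code_challenge(verifier, method)
    except ValueError:
        return False
    return hmac.compare_digest(derived.encode(), stored_challenge.encode())
```

The client keeps the verifier for the session and sends it as code_verifier when exchanging the authorization code for a token; only the challenge appears in the browser redirect.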
