Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Unable to Integrate Cloudflare CASB with Confluence - Missing "read:space:confluence" Scope?

Adam Greer
Adam Greer December 20, 2024

 

I'm trying to integrate Cloudflare CASB with our Atlassian Confluence instance but encountering issues. When I attempt to authorize from Cloudflare, it redirects me to an error page stating:
"Add the following scopes to the Confluence API: read:space:confluence."

(This scope is assigned to the app I created, but how is Cloudflare being directed to this app, if at all?)

Here’s what I’ve done so far:

  1. I created an OAuth 2.0 app in the Atlassian developer portal.
  2. Granted these permissions, per Cloudflare's documentation:
    • read:confluence-space.summary
    • read:confluence-props
    • read:confluence-content.all
    • read:confluence-content.summary
    • read:confluence-content.permission
    • read:confluence-user
    • read:confluence-groups
    • read:space:confluence

I cannot figure out:

  1. How to add this app to our Confluence tenant. It’s private, and I want to keep it that way.
    • I see mentions of an AppDescriptor URL, but this app is not hosted anywhere. Is there a way to bypass or fulfill this requirement for a private app that only needs to pass data to Cloudflare?
  2. Whether the issue is related to a missing read:space:confluence permission for my admin account or the app or elsewhere.

Is there a step I’m missing in the app setup, or should I not be creating a custom app at all for this integration? Am I missing some documentation that would save me?

Any guidance would be appreciated!

Answer
Watch
Like Humashankar VJ likes this
212 views

1 answer

1 accepted

1 vote
Answer accepted
Humashankar VJ
Humashankar VJ
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 27, 2024

Hi @Adam Greer 

It appears that you're experiencing a permissions issue with Cloudflare CASB and Confluence.

  • Start by reviewing the OAuth scopes assigned to your app, ensuring that "read:space:confluence" is explicitly included.
  • Next, confirm that your app is correctly set up in the Atlassian Developer Portal, noting that private apps do not require an AppDescriptor URL.
  • Moreover, verify that the redirect URI matches between Cloudflare and your Atlassian app.

Finally, ensure that your admin account has full permissions to authorize apps, as this is essential for completing the integration successfully.

Hope this helps - Happy to help further!!
Thank you very much and have a great one!
Warm regards

View More Comments
Adam Greer
Adam Greer January 2, 2025

Hello @Humashankar VJ I really appreciate your assistance with this!

I have went through your suggestions:

  • Ensured that "read:space:confluence" is an included permission in "API Scopes"
    • (In addition to the 7 other permissions mentioned)
  • As far as I can tell the app is set-up correctly. It is a private app so the distribution settings are not configured/ only set to "Not Sharing"
  • Is the redirect URI the same as the "Callback URL" found in the Authorization tab of the Developer console? This is a major issue I was having as neither Cloudflare nor Atlassian (to my knowledge) provides a URL I should be using, so this is currently just set to our base domain.
    • If I follow the "Authorization URL generator" link that is created from my callback URL. It will direct me to an Atlassian page saying the app is requesting access to my Atlassian account and I can accept or deny this. I have accepted many times and it says "1 user has consented to using My App." Once I accept it redirects me to whatever "callback URL" I entered.
      • This app never shows up under "Manage Apps" in Confluence despite remembering that 1 user (me) has consented.

It may be worth noting that when trying to integrate from Cloudflare this is the error:

Information for the owner of Confluence - Cloudflare CASB This app has requested Confluence API & Confluence API scopes that have not been added to the app. Configure the app at https://developer.atlassian.com/apps and add the following scopes to the Confluence API & Confluence API: read:space:confluence.

I received this error before ever creating the app, and previous integrations (M365) only required me to authenticate to the SaaS app from the Cloudflare Dash. Is there a possibility there is a Cloudflare/Atlassian maintained app called "Confluence - Cloudflare CASB" that has not been updated to include the correct scopes? My custom app is not called "Confluence - Cloudflare CASB" so I am unsure where that is being sourced from.

I am an org admin so I should have any necessary permissions required.

Many thanks for the reply and please let me know if I can clarify anything!
Thank you!

Like Humashankar VJ likes this
Humashankar VJ
Humashankar VJ
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 2, 2025

Hi @Adam Greer 

It seems that Cloudflare CASB is attempting to use its own pre-configured app for the integration, not the custom app you've created.

This is likely an issue on Cloudflare's end, can you try reaching out Cloudflare support.

Regards

Like Adam Greer likes this
Adam Greer
Adam Greer January 16, 2025

Thank you for your help, Humshankar. I would like to note that this is now resolved. I made a similar post to Cloudflare's forum -- it never got a response, but after about two weeks the Cloudflare CASB <-> Confluence integration natively works for me when selecting 'integrate" as was the initial expected result.

Like Humashankar VJ likes this
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events