Hi Andrew,
If I understand what you are looking for here, you want to be able to disable unused Jira accounts, but have a fear that some of these might have created an OAuth token that allows some other application link to behave as that user. Unfortunately, I have not been able to find a quick way that allows a Jira Admin to be able to locate all the user accounts that might have this kind of setup currently.
This is something that an individual account can see for itself, by going up to your user avatar -> Profile, on that page there is a Tools button with a link to "View OAuth Access Tokens". Each user can reach this at the URL of /plugins/servlet/oauth/users/access-tokens
One approach that might be helpful in your use case here is to use a plugin to Jira Server such as User Switcher for Jira. As a Jira admin the use of this plugin will allow you to temporarily assume the identity of another user account in Jira Server. Once that is done, you can view that URL of /plugins/servlet/oauth/users/access-tokens as that user to see if it has any existing access tokens.
I know this probably is not exactly what you are looking for here, but I thought I would share this approach as I think it can tell you about individual accounts in your Jira Server.
Please let me know if this helps.
Cheers,
Andy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.