Atlassian Oauth2 Keys

Bridgecrew Policy ID: BC_GIT_25
Checkov Check ID: CKV_SECRET_25
Severity: LOW

Atlassian Oauth2 Keys

Description

OAuth is an authorization protocol that contains an authentication step. OAuth allows a user (resource owner) to grant a third-party application (consumer/client) access to their information on another site (resource). This process is commonly known as the OAuth dance. Jira uses 3-legged OAuth (3LO), which means that the user is involved by authorizing access to their data on the resource (as opposed to 2-legged OAuth, where the user is not involved).

In Jira, a client is authenticated as the user involved in the OAuth dance and is authorized to have read and write access as that user. The data that can be retrieved and changed by the client is controlled by the user's permissions in Jira.

The authorization process works by getting the resource owner to grant access to their information on the resource by authorizing a request token. This request token is used by the consumer to obtain an access token from the resource. Once the client has an access token, it can use the access token to make authenticated requests to the resource until the token expires or is revoked.

Fix - Buildtime

Atlassian Services

You can only delete an app if it's not installed anywhere. If your app is currently installed on a site, uninstall it.
Select Settings in the left menu, and select Delete app.