OAuth2 Consent provides access to non selected sites


Hello.
I have an app using OAuth2, following this 3LO guide.
The problem is that whatever site I choose to give access to, I can retrieve data for any of the sites I have access to, using the access token provided after the consent.

How can I prevent this behaviour? I want to be able to retrieve data, only from the site I choose from the drop down menu.

Thanks


@sargiriou,

That’s not exactly the case. The client only has access to sites to which the user has granted access. However, that access is cumulative. Just because you select a new site on the next run through, does not mean that prior access has been revoked. The UI does not say or mean that only the last consent applies.

That is already true. But, once you have granted access, going through the flow again to select a different site, does not “cancel” previous consent. If you want to revoke a consent, I think the UI is here:

https://id.atlassian.com/manage-profile/apps

(I can’t seem to get that screen to load for me. Perhaps I have too many OAuth clients!)
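Since consent is cumulative and one access token reaches every site the user has ever granted, the "only the site I chose" rule has to be enforced by the app itself. The following is an added example, not code from this thread or from Atlassian: it assumes the real accessible-resources endpoint (GET https://api.atlassian.com/oauth/token/accessible-resources), whose JSON body lists the reachable sites with their cloudId ("id"), "url", "name" and "scopes", and it pins the client to the cloudId matching the site picked in the drop-down. The two-site response and its cloudIds are constructed for offline use; the pinning approach is the editor's suggestion, not something the thread states.

```python
"""Pin an Atlassian OAuth 2.0 (3LO) access token to the one site the user chose.

Added example, not code from the forum thread. It assumes the real
accessible-resources endpoint
(GET https://api.atlassian.com/oauth/token/accessible-resources), whose JSON
body is a list of objects with at least "id" (the cloudId), "url", "name" and
"scopes". ACCESSIBLE_RESOURCES below is a constructed sample of that body so the
example runs offline; both cloudIds are made up.
"""
from urllib.parse import urlparse

API_GATEWAY = "https://api.atlassian.com"

# Constructed sample: the token reaches two sites because consent is cumulative.
ACCESSIBLE_RESOURCES = [
    {
        "id": "11111111-1111-4111-8111-111111111111",
        "url": "https://alpha.atlassian.net",
        "name": "alpha",
        "scopes": ["read:jira-work"],
    },
    {
        "id": "22222222-2222-4222-8222-222222222222",
        "url": "https://beta.atlassian.net",
        "name": "beta",
        "scopes": ["read:jira-work"],
    },
]


class SiteNotAllowed(Exception):
    """Raised when a request would leave the site the user selected."""


def _host(url):
    """Lower-cased hostname of a URL ('' if unparsable)."""
    return (urlparse(url).hostname or "").lower()


def pin_site(resources, chosen_url):
    """Return the cloudId whose site URL matches chosen_url, else raise."""
    wanted = _host(chosen_url)
    for site in resources:
        if _host(site["url"]) == wanted:
            return site["id"]
    raise SiteNotAllowed(f"token does not reach {chosen_url!r}")


def extra_consented_sites(resources, cloud_id):
    """Names of sites the token can also reach but the app will not use."""
    return [site["name"] for site in resources if site["id"] != cloud_id]


class PinnedClient:
    """Builds only URLs under the pinned cloudId and refuses any other."""

    def __init__(self, resources, chosen_url):
        self.cloud_id = pin_site(resources, chosen_url)

    def api_url(self, path):
        """API-gateway URL for a Jira REST path on the pinned site only."""
        return f"{API_GATEWAY}/ex/jira/{self.cloud_id}/{path.lstrip('/')}"

    def check_url(self, url):
        """Validate a URL before following it (e.g. a 'self' link in a response).

        Anything not under https://api.atlassian.com/ex/jira/<pinned cloudId>/
        is rejected, so a link into another consented site is never fetched
        with this token.
        """
        parsed = urlparse(url)
        prefix = f"/ex/jira/{self.cloud_id}/"
        if (parsed.scheme != "https"
                or _host(url) != _host(API_GATEWAY)
                or not parsed.path.startswith(prefix)):
            raise SiteNotAllowed(f"refusing {url!r}: not on pinned site {self.cloud_id}")
        return url


if __name__ == "__main__":
    client = PinnedClient(ACCESSIBLE_RESOURCES, "https://beta.atlassian.net")
    print("pinned cloudId:", client.cloud_id)
    print("also consented, unused:", extra_consented_sites(ACCESSIBLE_RESOURCES, client.cloud_id))
    print(client.api_url("/rest/api/3/myself"))
    other = ACCESSIBLE_RESOURCES[0]["id"]
    try:
        client.check_url(client.api_url("/rest/api/3/myself").replace(client.cloud_id, other))
    except SiteNotAllowed as exc:
        print("blocked:", exc)
```

Call the accessible-resources endpoint with the freshly issued token on every login, not once at install, because the list grows each time the user consents to another site. Logging what `extra_consented_sites` returns makes the cumulative consent visible to operators without the app ever using those sites.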

@ibuchanan thanks for your swift response.
Ok, now it makes sense. Maybe something should be added to make it more clear.
Also, the link you provided, I believe it works for every “simple” jira user, right?
Thanks again,
Stathis

@sargiriou,

Yes, that link should work for anyone. I’m still debugging for myself. And, if it isn’t obvious, should anyone else have problems with that link they can contact customer support (managing these consents is an end-user feature, not just for developers).