How to identify requests with xoauth_requestor_id parameter ?

I'd like to identify the following requests sent to my JSD server (found in access.log file) :

"GET /servicedesk/customer/portals?xoauth_requestor_id=xxx HTTP/1.1" 200 6607 47 "-" "Apache-HttpClient/4.5.6 (Java/11.0.5)"
"GET /rest/api/2/field?_=1599482157868&xoauth_requestor_id=xxx HTTP/1.1" 302 - 16 "-" "Apache-HttpClient/4.5.6 (Java/11.0.5)"
"GET /plugins/servlet/streams?use-accept-lang=true&streams=user+IS+xxx&authOnly=true&local=true&maxResults=10&xoauth_requestor_id=xxx HTTP/1.1" 302 - 16 "-" "Apache-HttpClient/4.5.5 (Java/1.8.0_202)"
"GET /servicedesk/customer/portals?xoauth_requestor_id=xxx HTTP/1.1" 200 6618 52 "-" "Apache-HttpClient/4.5.5 (Java/1.8.0_202)"

This JSD server is a private one, not accessible to external users.

It has app links configured with a public Jira and Confluence Data Center platform, sharing the same user directory.

The problem is that the requestor ids ('xxx' in logs above) are external users, even if they are not able to access directly the JSD server.

Which component does initiate these requests and for which use case ?

There are 2 different user agents logged, "Apache-HttpClient/4.5.6 (Java/11.0.5)" seems to be a Confluence server when "Apache-HttpClient/4.5.5 (Java/1.8.0_202)" seems to be a Jira server.