Atlassian Rovo MCP OAuth Updates

Hi Everyone,

Atlassian Rovo MCP will start utilising a different auth server (Atlassian Identity) for DCR OAuth from May 27, 2026. For the majority of you, this will require no change - your MCP client will make the required changes to ensure that things continue to work as expected.

Any existing custom client implementations must ensure that they are not caching the auth state (including client_id and the /.well-known/oauth-authorization-server discovery document) as these will not be recognised the by the new server.

The new DCR OAuth implementation can be tested in the interim through the use of the https://mcp.atlassian.com/v1/mcp/authv2 url. In addition, this the new authorisation server details can be temporarily determined via https://mcp.atlassian.com/.well-known/oauth-protected-resource/v1/mcp/authv2.

From May 27, 2026 all requests to https://mcp.atlassian.com/v1/mcp will utilise the new auth server and any clients which are still caching may start to fail.

By adopting this url prior to the rollout, you’ll also unlock access to some of our newer toolsets, such as read_teamwork_graph, enabling enriched graph-based content discovery and better user consent experience.

This change will respect all existing policies or controls which admins have implemented; the domain allowlists, permissions and audit logs will continue to work as they do today.

If you have any questions, please let us know in the comments below.