Connect Attlasian MCP from a custom web Application

I am able to connect to Attlasian MCP from our internal web application through MCP-Remote. But we are unable to establish interactive oauth when we host it. Can you please share how to conenct Attlasian MCP with an Production level Web Application ?

2 comments

Comment

You can add the domains you trust or block Atlassian-supported domains in the admin portal.

https://support.atlassian.com/security-and-access-policies/docs/available-atlassian-rovo-mcp-server-domains/

Like • Priyadarshini R likes this

Hi Aaron, thanks for the reply. We are able to connect to the Atlassian MCP server successfully from our internal web app using "mcp remote".

However, the issue we are facing is not domain blocking.

It is with the interactive OAuth 2.1 flow when the app is hosted in production.

Locally, on localhost with "mcp remote", the browser based Atlassian login and consent flow works as expected.

In production, on our hosted domain, the OAuth redirect flow fails. The consent screen does not complete or redirect back to our app correctly.
Because of this, we cannot establish a valid MCP session token for production users.

We are trying to understand the following.

Whether custom web applications are officially supported as MCP clients today beyond localhost and "mcp remote".
If so, what the correct OAuth 2.1 configuration is for production:
- Required redirect URI format
- PKCE expectations
- any allowlisting of client IDs or domains.
Whether Atlassian currently restricts non approved MCP clients from completing OAuth in production environments.

Could you please clarify if production web apps are supported today, and if there is any additional setup required beyond OAuth 2.1 and MCP.

Like • like this

Hi, Yes, production web apps should work too and there is no additional setup needed from OAuth perspective.

May be adding the IP to the allowed-list will help, see this:
https://support.atlassian.com/security-and-access-policies/docs/control-atlassian-rovo-mcp-server-settings/

If it still doesn't work, pls file a support ticket and we will investigate further

@Sunil Kunisetty do you happen to have a step-by-step for how production web apps should set it up?

Teams have reported this same issue to me as they are under the impression they are blocked to only set up apps using localhost even after we have whitelisted/allow-listed custom domains for them.

I am not sure of the exact blockers they are hitting and I know some documentation was outdated when we first gained control of that functionality for whitelisting, but maybe if you have a step-by-step it will help @Priyadarshini R and others that have reported this same limitation to me.

Hi, We don't differentiate production vs non-production, same steps should apply. Once whitelisted, they should work. If it still doesn't work, pls file a support ticket and we will investigate further

Hi,

Apologies for the inconvenience.

Would you be available for a 10-minute debugging session?

Please book a slot using one of the links below:

• AU/IN timezone: https://atlassian.zoom.us/zbook/ibraheem-osama/debug-mcp
• US/EU timezone: https://atlassian.zoom.us/zbook/dilip-venkatesh/debug-mcp

If you're unable to schedule a session, please provide the following information:

• MCP Logs
• MCP Configurations
• mcp-remote version
• Node.js version (node -v)

─────────────────────────────────────────

KNOWN ISSUES & SOLUTIONS

1. Update mcp-remote
• Update to mcp-remote@latest or mcp-remote@0.1.38

2. Update your IDE/CLI
• Please ensure you're using the latest version of your IDE or CLI

3. Use the correct endpoint
• Important: Use https://mcp.atlassian.com/v1/mcp
• Do not use: https://mcp.atlassian.com/v1/sse endpoint

4. API Token Configuration
• We've released API Tokens for headless authentication
• Requirement: Organization admin must enable API Tokens
• Configuration guide: https://support.atlassian.com/atlassian-rovo-mcp-server/docs/configuring-authentication-via-api-token/
• Org admin enablement: https://support.atlassian.com/security-and-access-policies/docs/control-atlassian-rovo-mcp-server-settings/#Configure-authentication

5. Consistent Authentication
• Use API Tokens for consistent authentication when using multiple windows/sessions

─────────────────────────────────────────

Thanks

Like • Greg D likes this

Hi @Dilip Venkatesh

As far as my understanding, mcp-remote could be used only for dev environments. correct me if I am wrong.

@Sunil Kunisetty @Aaron Haydon @Dilip Venkatesh @Greg D

I am able to connect to Atlassian MCP Server through OAuthClientProvider provided by the MCP. Whitelisting the domain was also required.

I used the below example as reference to establish the connection.
https://github.com/modelcontextprotocol/python-sdk/blob/main/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py

Thank you for trying to help me sort the issue.

Like • like this

Was this helpful?

Thanks!

Atlassian Rovo MCP Server

Forums

Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Connect Attlasian MCP from a custom web Application

2 comments

Comment

Was this helpful?

Thanks!

TAGS

Atlassian Community Events