MCP Server Authentication Issue - 401 Unauthorized Error | AWS_Strands

itsmesunil November 10, 2025

Issue Description:
Using Atlassian Remote MCP Server as documented at:

`https://support.atlassian.com/atlassian-rovo-mcp-server/docs/getting-started-with-the-atlassian-remote-mcp-server/`

Getting 401 Unauthorized error when connecting to https://mcp.atlassian.com/v1/sse

Access token is successfully retrieved from https://auth.atlassian.com/oauth/token

Error occurs during SSE client initialization

 

Steps Taken:
1. Successfully obtained fresh access token via OAuth flow
2. Token refresh works correctly with standard Atlassian API
3. Access token format appears valid (Bearer token)
4. Followed MCP server documentation exactly

 

Please advise

1 answer

0 votes
Peter_DevSamurai
Atlassian Partner
November 18, 2025

Hi @itsmesunil,

The token from https://auth.atlassian.com/oauth/token is correct for general Atlassian APIs, but MCP requires additional JIT (just-in-time) authorization during the first SSE connection, which must be completed by a site admin. If that's skipped or fails, subsequent requests (even with a token) get 401s. You can try:

1. Ensure 3LO Consent is Completed

  • The first SSE connection triggers a browser-based consent popup (if not authorized). Use a browser to hit https://mcp.atlassian.com/v1/sse as a site admin, complete the flow to register the app with your site's permissions (e.g., for Jira/Confluence access).
  • If no popup or error: Clear browser cache/cookies for auth.atlassian.com, or try incognito. Ensure your app registration (in developer.atlassian.com/apps) has MCP scopes like read:confluence, read:jira-work (add via app edit > Authorization > Scopes).

2. Verify Token & Scopes

  • Your token request should include MCP-relevant scopes, ex:
    • POST https://auth.atlassian.com/oauth/token
      grant_type=authorization_code
      client_id=your_client_id
      client_secret=your_client_secret
      code=auth_code_from_consent
      redirect_uri=your_redirect
      scope=read:confluence read:jira-work offline_access
  • Refresh token flow should use the same scopes. Test token with a standard API (e.g., GET /rest/api/3/myself). If 401's there too, re-auth.

3. SSE Connection Setup

  • Include the token in headers: Authorization: Bearer your_access_token.
  • Example cURL (after consent):
  • If 401 persists: Check console for errors during consent (e.g., "Your site admin must authorize this app") -> Then re-run as admin.

If still stuck (e.g., no consent trigger), it's likely a site config issue, then you should contact support: support.atlassian.com/contact > Rovo/MCP > Authentication > Provide token response (redacted), SSE request, and site URL.

I hope everything works out well for you!

Best,

Peter
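
Added example, not part of the answer above or of Atlassian's documentation: a small Python check that compares a token response against the scopes named in step 2 and produces the redacted copy the answer suggests sending to support. It assumes the response uses the standard RFC 6749 fields (`access_token`, `refresh_token`, `token_type`, `scope`); the function names and the sample response are constructed for illustration.

```python
import hashlib
import json

# Scopes named in the answer above; adjust to what your app actually needs.
REQUIRED_SCOPES = {"read:confluence", "read:jira-work", "offline_access"}
# RFC 6749 token-response fields that are bearer secrets.
SECRET_FIELDS = ("access_token", "refresh_token")


def missing_scopes(token_response, required=REQUIRED_SCOPES):
    """Return required scopes absent from the space-separated `scope` field.

    Returns None when the field is absent: RFC 6749 lets the server omit it
    when the granted scope equals the requested one, so nothing can be concluded.
    """
    if "scope" not in token_response:
        return None
    granted = set(token_response["scope"].split())
    return sorted(set(required) - granted)


def redact(token_response):
    """Copy the response, replacing each secret with its length and a hash prefix."""
    safe = dict(token_response)
    for field in SECRET_FIELDS:
        value = safe.get(field)
        if isinstance(value, str) and value:
            digest = hashlib.sha256(value.encode()).hexdigest()[:12]
            safe[field] = f"<redacted len={len(value)} sha256={digest}>"
    return safe


def diagnose(raw_json):
    """Summarise a token response for a support ticket without leaking it."""
    resp = json.loads(raw_json)
    return {
        "token_type_ok": str(resp.get("token_type", "")).lower() == "bearer",
        "missing_scopes": missing_scopes(resp),
        "redacted": redact(resp),
    }


# Constructed sample response (not a real token); read:confluence is left out.
SAMPLE = json.dumps({
    "access_token": "constructed-access-token-value",
    "refresh_token": "constructed-refresh-token-value",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "read:jira-work offline_access",
})

if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE), indent=2))
```

The hash prefix lets support correlate the ticket with a specific token without the bearer value ever appearing in the ticket or in mail logs.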
