A pop-up survey could appear while you're here --curious what it's for? Click here to learn more!

×
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Invalid session error on OAuth callback when accessing Atlassian MCP via proxy

manikanta_ambati_accenture
manikanta_ambati_accenture
December 15, 2025

We are integrating Atlassian MCP Remote server with an IDE client (VS Code) and accessing it via a reverse proxy (Apigee) for security and logging.

The MCP initialization succeeds, but during the OAuth flow, the callback endpoint fails with an “invalid session” error.

The same setup works correctly when connecting directly to https://mcp.atlassian.com, without the proxy.

Error Details:
URL: mcp.atlassian.com/v1/callback?state=eyJzZXNzaW9uX2lkIjoiNDRlNzRjM2QtZDE1ZS00NWY4LTgxODYtZGUyOGQ0OGM5MjNkIiwib3JpZ2luYWxfcmVkaXJlY3RfdXJpIjoiaHR0cDovLzEyNy4wLjAuMTozMzQxOC8ifQ%3D%3D&code=eyJraWQiOiJBVVRIX...
Response: Invalid session


Answer
Watch
Like Be the first to like this
26 views

1 answer

0 votes
Tomislav Tobijas
Tomislav Tobijas
Community Champion
December 16, 2025

Hey @manikanta_ambati_accenture ,

Just a note at the beginning that there's a dedicated Atlassian Rovo MCP Server forum discussion group where you'll probably get more responses about these kinds of topics and questions.
I'll ask mods if they can move this question there.

Anyway, I'm not an expert on this, but issues such as "invalid session" during OAth callback could be caused by:

  • Mismatched Redirect URIs
  • Session or Cookie Handling
  • Base URL Configuration

You could check and ensure the callback/redirect URI is consistent and allowed in your OAuth app config.; check if Apigee is not modifying or stripping cookies, headers, or other parameters.
Also, if possible, allow the callback URI and check your network/proxy/firewall settings to ensure they're not interfering with the OAuth flow.

Here's this article that might help as well: Authentication and authorization 

Again, I haven't worked that much with the MCP server, so if anyone else stumbled upon this, feel free to chime in.

Cheers,
Tobi

View More Comments
manikanta_ambati_accenture
manikanta_ambati_accenture
December 16, 2025

Thanks @Tomislav Tobijas 
I've posted my question there.

Also, I heard that the MCP server does not support registered OAuth2 apps from the developer console; please correct me if that's incorrect.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security