Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Atlassian Remote MCP tools fail during execution despite successful OAuth and tool disco

Nhat Trung Vo
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 27, 2026

Summary

I'm integrating the Atlassian Remote MCP Server using the official Go SDK (github.com/modelcontextprotocol/go-sdk v1.6.1).

The MCP connection, OAuth authentication, tool discovery, and input validation all succeed.

However, every Confluence tool execution fails with one of the following generic responses:

{
  "error": true,
  "message": "We are having trouble completing this action. Please try again shortly."
}

or

{
  "error": true,
  "message": "We couldn't verify your connection settings. Please contact your administrator for assistance."
}

This happens even though the OAuth token has the correct Confluence scopes and the tenant is configured to allow Rovo MCP access.


Environment

  • Atlassian Cloud
  • Confluence Cloud
  • Atlassian Free Plan
  • Atlassian Remote MCP Server
  • Go SDK: github.com/modelcontextprotocol/go-sdk v1.6.1
  • Go 1.24
  • Windows 11

Authentication

Using OAuth 2.1 Authorization Code Flow with PKCE.

Authentication succeeds.

initialize succeeds.

Server information:

Name: atlassian-mcp-server
Version: 1.0.0

OAuth scopes

The access token contains:

write:confluence-content
write:confluence-space
read:confluence-content.all
read:confluence-content.summary
read:confluence-space.summary
search:confluence

Accessible Resources

Calling:

GET https://api.atlassian.com/oauth/token/accessible-resources

returns:

[
  {
    "id": "eac0fe47-ec0a-4bf7-9558-c2f9676bb3e3",
    "url": "https://trungvdn.atlassian.net",
    "name": "trungvdn"
  }
]

Therefore:

  • OAuth token is valid
  • Cloud ID is correct

Rovo MCP Configuration

Domains

  • Allow Atlass supported domains = Enabled

Permissions

  • Read = Allowed
  • Write = Allowed
  • Search = Allowed

Read permissions include:

  • read_confluence
  • read_teamwork_graph
  • Allow all permissions enabled

Authentication

  • OAuth 2.1
  • API Token authentication enabled

Tool Discovery

tools/list succeeds.

The server exposes Confluence tools including:

  • getConfluenceSpaces
  • createConfluencePage

The input schemas are returned correctly.


Tool Calls

getConfluenceSpaces

Arguments:

{
  "cloudId": "eac0fe47-ec0a-4bf7-9558-c2f9676bb3e3",
  "spaceId": "98339"
}

Response:

{ "error": true, "message": "We are having trouble completing this action. Please try again shortly." }

What has already been verified

The following have all been verified and are working correctly:

  • OAuth 2.1 Authorization Code + PKCE
  • Access Token
  • Accessible Resources
  • Cloud ID
  • MCP initialize
  • tools/list
  • Tool discovery
  • Tool input schema
  • Input validation
  • Rovo permissions
  • Rovo authentication configuration
  • Rovo domain configuration

The failure only occurs during tool execution.


Expected Result

Confluence tools should execute successfully when:

  • OAuth authentication succeeds
  • Required scopes are granted
  • Rovo permissions allow Read/Write/Search
  • Tool discovery succeeds
  • Input passes schema validation

Actual Result

Every Confluence tool execution fails with a generic backend error, despite successful authentication, authorization, discovery, and validation.


Question

Is there any additional tenant provisioning, feature flag, product connection, or backend configuration required before Confluence tools can be executed through the Atlassian Remote MCP Server?

If this is expected behavior for Atlassian Free tenants, could this limitation be documented?

Otherwise, this appears to be an issue in the Remote MCP execution layer.

1 answer

1 accepted

0 votes
Answer accepted
Arkadiusz Wroblewski
Community Champion
June 27, 2026

Hi @Nhat Trung Vo 

Three things to rule out first.

Free plan entitlement. Rovo is documented as available on Standard, Premium, and Enterprise. "Beta tools are currently free to use"  means not billed against credits not that they're available on Atlassian Free plans. Test the same call against a Standard/Premium site to confirm.

Scopes. The classic Confluence scopes you're using (`read:confluence-content.all` etc.) may not be what the MCP execution layer expects. Current MCP docs use granular scopes like `read:space:confluence` and `read:page:confluence`. Try a single read-only tool with only the exact scope it requires, then force a fresh OAuth consent.

Client/domain validation. A token that works against the Confluence REST API doesn't automatically pass the MCP layer's own domain and org policy checks. Test the same tool through an official client (Claude, Cursor, VS Code) to isolate whether the issue is your specifically client.

If all three are clean on a supported plan, that's an Atlassian Support case.

Also According to documentation this error message it's a transient backend error occured during permission check. 

https://support.atlassian.com/security-and-access-policies/docs/Configure-Atlassian-Rovo-MCP-server-permission/ 

Screenshot_20260627-122825.png

Nhat Trung Vo
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 28, 2026

Thank you for responding to my issue,   @Arkadiusz Wroblewski 
I checked Free plan entitlement and Scopes, but it's not the issue

I investigated the OAuth flow further and found another issue that may indicate the problem is related to Atlassian's client registration rather than my implementation.

Environment

Test 1 - Authorization Code + PKCE

Using the official Go SDK AuthorizationCodeHandler, the generated authorization URL appears valid but opening:

https://mcp.atlassian.com/v1/authorize?...

returns:

500 Internal Server Error

instead of an OAuth error.

Test 2 - Client Credentials

I also tested the Client Credentials grant and received:

oauth2: "invalid_client" "Client not found"

The client ID and secret are from a Connected App created in Atlassian Developer Console.

Question

Does Atlassian Remote MCP support OAuth clients created in Atlassian Developer Console (developer.atlassian.com/console/myapps)?

Or does Remote MCP require a different type of client registration (for example, only Atlassian-managed or MCP-specific clients)?

At the moment it appears that the client cannot be recognized by the MCP authorization server, even though it is a valid Connected App in the Developer Console.

Any clarification would be appreciated.

Arkadiusz Wroblewski
Community Champion
June 28, 2026

@Nhat Trung Vo 

I think you need some backend clarification from Atlassian because we will start going into a direction of "too much guessing" 

Nhat Trung Vo
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 28, 2026

@Arkadiusz Wroblewski 
The Alatssian only support OAuth 2.1 with Dynamic Client Registration (DCR)
They've created a ticket for suport custom app. here:https://jira.atlassian.com/browse/ROVO-870

Maybe I need some available workaround instead.
Thank you!

Like • Arkadiusz Wroblewski likes this

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events