I'm integrating the Atlassian Remote MCP Server using the official Go SDK (github.com/modelcontextprotocol/go-sdk v1.6.1).
The MCP connection, OAuth authentication, tool discovery, and input validation all succeed.
However, every Confluence tool execution fails with one of the following generic responses:
{
"error": true,
"message": "We are having trouble completing this action. Please try again shortly."
}or
{
"error": true,
"message": "We couldn't verify your connection settings. Please contact your administrator for assistance."
}This happens even though the OAuth token has the correct Confluence scopes and the tenant is configured to allow Rovo MCP access.
Using OAuth 2.1 Authorization Code Flow with PKCE.
Authentication succeeds.
initialize succeeds.
Server information:
Name: atlassian-mcp-server
Version: 1.0.0The access token contains:
write:confluence-content
write:confluence-space
read:confluence-content.all
read:confluence-content.summary
read:confluence-space.summary
search:confluenceCalling:
GET https://api.atlassian.com/oauth/token/accessible-resourcesreturns:
[
{
"id": "eac0fe47-ec0a-4bf7-9558-c2f9676bb3e3",
"url": "https://trungvdn.atlassian.net",
"name": "trungvdn"
}
]Therefore:
Domains
Permissions
Read permissions include:
Authentication
tools/list succeeds.
The server exposes Confluence tools including:
The input schemas are returned correctly.
Arguments:
{
"cloudId": "eac0fe47-ec0a-4bf7-9558-c2f9676bb3e3",
"spaceId": "98339"
}Response:
{ "error": true, "message": "We are having trouble completing this action. Please try again shortly." }The following have all been verified and are working correctly:
The failure only occurs during tool execution.
Confluence tools should execute successfully when:
Every Confluence tool execution fails with a generic backend error, despite successful authentication, authorization, discovery, and validation.
Is there any additional tenant provisioning, feature flag, product connection, or backend configuration required before Confluence tools can be executed through the Atlassian Remote MCP Server?
If this is expected behavior for Atlassian Free tenants, could this limitation be documented?
Otherwise, this appears to be an issue in the Remote MCP execution layer.
Three things to rule out first.
Free plan entitlement. Rovo is documented as available on Standard, Premium, and Enterprise. "Beta tools are currently free to use" means not billed against credits not that they're available on Atlassian Free plans. Test the same call against a Standard/Premium site to confirm.
Scopes. The classic Confluence scopes you're using (`read:confluence-content.all` etc.) may not be what the MCP execution layer expects. Current MCP docs use granular scopes like `read:space:confluence` and `read:page:confluence`. Try a single read-only tool with only the exact scope it requires, then force a fresh OAuth consent.
Client/domain validation. A token that works against the Confluence REST API doesn't automatically pass the MCP layer's own domain and org policy checks. Test the same tool through an official client (Claude, Cursor, VS Code) to isolate whether the issue is your specifically client.
If all three are clean on a supported plan, that's an Atlassian Support case.
Also According to documentation this error message it's a transient backend error occured during permission check.
Thank you for responding to my issue, @Arkadiusz Wroblewski
I checked Free plan entitlement and Scopes, but it's not the issue
I investigated the OAuth flow further and found another issue that may indicate the problem is related to Atlassian's client registration rather than my implementation.
MCP Server: https://mcp.atlassian.com/v1/mcp
Go SDK: github.com/modelcontextprotocol/go-sdk
OAuth application created in Atlassian Developer Console:
https://developer.atlassian.com/console/myapps
Using the official Go SDK AuthorizationCodeHandler, the generated authorization URL appears valid but opening:
https://mcp.atlassian.com/v1/authorize?...
returns:
500 Internal Server Errorinstead of an OAuth error.
I also tested the Client Credentials grant and received:
oauth2: "invalid_client" "Client not found"The client ID and secret are from a Connected App created in Atlassian Developer Console.
Does Atlassian Remote MCP support OAuth clients created in Atlassian Developer Console (developer.atlassian.com/console/myapps)?
Or does Remote MCP require a different type of client registration (for example, only Atlassian-managed or MCP-specific clients)?
At the moment it appears that the client cannot be recognized by the MCP authorization server, even though it is a valid Connected App in the Developer Console.
Any clarification would be appreciated.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I think you need some backend clarification from Atlassian because we will start going into a direction of "too much guessing"
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Arkadiusz Wroblewski
The Alatssian only support OAuth 2.1 with Dynamic Client Registration (DCR)
They've created a ticket for suport custom app. here:https://jira.atlassian.com/browse/ROVO-870
Maybe I need some available workaround instead.
Thank you!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.