A pop-up survey could appear while you're here --curious what it's for? Click here to learn more!

×
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

OAuth 2.0 app getting "access_denied - Unauthorized" when connecting to Rovo MCP server.

Abdullah Baig
Abdullah Baig
June 19, 2026

We are building a custom webapp and trying to connect to the Atlassian Rovo MCP server using OAuth 2.0 (Authorization Code + PKCE) for per-user authentication.

We have:
✅ Created an OAuth 2.0 app in the Atlassian Developer Console
✅ Added our domain to the Rovo MCP server domain allowlist in Atlassian Administration
✅ Completed the OAuth PKCE flow successfully — token obtained
✅ MCP session initializes successfully (Session ID assigned)
✅ Direct Atlassian REST APIs work perfectly with the same token:
- GET api.atlassian.com/me → 200 OK
- GET Jira /rest/api/3/project → 200 OK
- GET Confluence /wiki/api/v2/spaces → 200 OK

❌ Every Rovo MCP tool call fails with:
"We are having trouble completing this action. Please try again shortly."

❌ Rovo search tool specifically returns:
"We couldn't verify your connection settings.
Please contact your administrator for assistance."

❌ When attempting token exchange via our platform:
"token request failed: OAuth error: access_denied - Unauthorized"

❌ Dynamic Client Registration returns 404 — not supported

The token is clearly valid for all Atlassian REST APIs. The rejection
is happening specifically at the MCP server layer.

We believe the issue is that our OAuth client_id is not registered as
a trusted client on the MCP server side — similar to how ```cursor.mcp```,
```mcp.docker.com```, ```claude.ai``` etc. are on the official supported domains list.

Questions:
1. Is there a process for third-party platforms to register their
OAuth client_id as trusted with the Rovo MCP server?
2. Is adding a custom domain to the allowlist sufficient, or does
the OAuth app also need to be registered separately with Atlassian?
3. Is there an official partner/whitelisting program for this?

Reference: Similar issue reported here:
https://community.atlassian.com/forums/Jira-questions/Connecting-Atlassian-Rovo-MCP-with-a-custom-webapp/qaq-p/3204705

Related feature request: AI-1194
https://jira.atlassian.com/browse/AI-1194

Official docs referenced:
https://support.atlassian.com/security-and-access-policies/docs/understand-atlassian-rovo-mcp-server/
https://support.atlassian.com/security-and-access-policies/docs/available-atlassian-rovo-mcp-server-domains/

Answer
Watch
Like Be the first to like this
23 views

0 answers

Suggest an answer

Log in or Sign up to answer
Rovo Atlassian Intelligence
Rovo
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2026 Atlassian
    Privacy Policy Notice at Collection Terms Security