A pop-up survey could appear while you're here --curious what it's for? Click here to learn more!

×
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Problem connecting a MCP desktop application to the Atlassian Claude MCP Oauth based server

Radu Coravu
Radu Coravu
May 31, 2026

I'm working on a desktop AI assistant which can take its model context protocol configuration from a JSON file like this:

{
"servers": {
"atlassian": {
"type": "http",
"url": "https://mcp.atlassian.com/v1/mcp/authv2"
}
}
}

Then it does protocol discovery, finds the client ID and secret, then it opens a web browser. But inside the web browser I get the error:

Something went wrong

Raise a support request
Invalid context provided. Please try authorizing again.

 

And I'm not sure what the problem is.
Here's the logging from my client side application:



14:12:05 8702 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthDiscovery - Starting OAuth discovery for MCP URL https://mcp.atlassian.com/v1/mcp/authv2
14:12:05 8702 DEBUG [ Load MCP Config ] com.oxygenxml.positron.mcp.MCPManager - Skip reloading unchanged MCP configuration from file:/Users/raducoravu/Desktop/mcp/atlassian-mcp-oauth.json
14:12:05 8703 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthHttp - OAuth HTTP POST https://mcp.atlassian.com/v1/mcp/authv2
14:12:05 8965 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthHttp - OAuth HTTP POST https://mcp.atlassian.com/v1/mcp/authv2 -> 401
14:12:05 8965 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthDiscovery - MCP probe returned HTTP 401
14:12:05 8965 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthDiscovery - Using protected-resource metadata from https://mcp.atlassian.com/.well-known/oauth-protected-resource/v1/mcp/authv2
14:12:05 8965 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthHttp - OAuth HTTP GET https://mcp.atlassian.com/.well-known/oauth-protected-resource/v1/mcp/authv2
14:12:05 9118 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthHttp - OAuth HTTP GET https://mcp.atlassian.com/.well-known/oauth-protected-resource/v1/mcp/authv2 -> 200
14:12:05 9119 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthDiscovery - Fetching authorization server metadata from https://auth.atlassian.com/.well-known/oauth-authorization-server/VCeDsk8ZHncYF1g234fKtc4lNipbBhu3
14:12:05 9119 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthHttp - OAuth HTTP GET https://auth.atlassian.com/.well-known/oauth-authorization-server/VCeDsk8ZHncYF1g234fKtc4lNipbBhu3
14:12:05 9363 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthHttp - OAuth HTTP GET https://auth.atlassian.com/.well-known/oauth-authorization-server/VCeDsk8ZHncYF1g234fKtc4lNipbBhu3 -> 200
14:12:05 9363 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthDiscovery - Loaded authorization server metadata from https://auth.atlassian.com/.well-known/oauth-authorization-server/VCeDsk8ZHncYF1g234fKtc4lNipbBhu3
GET CL ID null
14:12:05 9364 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthDiscovery - OAuth discovery via protected-resource metadata succeeded: authorizeUrl=https://auth.atlassian.com/authorize, tokenUrl=https://auth.atlassian.com/oauth/token, clientId=(none), clientSecret=(none), redirectUri=http://127.0.0.1:8722/oauth/callback, pkce=true, resource=https://mcp.atlassian.com/v1/mcp/authv2, registrationEndpoint=https://auth.atlassian.com/VCeDsk8ZHncYF1g234fKtc4lNipbBhu3/dcr/register, scopes=[read:me, read:account, offline_access, read:jira-work, write:jira-work, search:confluence, read:confluence-user, read:page:confluence, write:page:confluence, read:comment:confluence, write:comment:confluence, read:space:confluence, read:hierarchical-content:confluence, write:component:compass, read:component:compass, read:scorecard:compass, write:scorecard:compass, read:event:compass, read:metric:compass, read:all:twg]
14:12:05 9364 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthTokenStore - No stored MCP OAuth client registration for atlassian
14:12:05 9364 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthDiscovery - Registering OAuth client at https://auth.atlassian.com/VCeDsk8ZHncYF1g234fKtc4lNipbBhu3/dcr/register (redirectUri=http://127.0.0.1:8722/oauth/callback, clientName=Oxygen AI Positron MCP - atlassian)
14:12:05 9364 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthHttp - OAuth HTTP POST https://auth.atlassian.com/VCeDsk8ZHncYF1g234fKtc4lNipbBhu3/dcr/register
14:12:07 11230 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthHttp - OAuth HTTP POST https://auth.atlassian.com/VCeDsk8ZHncYF1g234fKtc4lNipbBhu3/dcr/register -> 201
14:12:07 11230 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthDiscovery - OAuth client registration succeeded (clientId=5PnJeDXfA5Iq8BBDt38HDHlMEg2HTKIm, clientSecret=(set))
14:12:07 11238 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthTokenStore - Saved MCP OAuth client registration for atlassian (clientId=5PnJeDXfA5Iq8BBDt38HDHlMEg2HTKIm, clientSecret=(set))
14:12:07 11238 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthTokenStore - No stored MCP OAuth tokens for atlassian
14:12:07 11238 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthClient - Starting interactive OAuth flow for MCP server 'atlassian': authorizeUrl=https://auth.atlassian.com/authorize, tokenUrl=https://auth.atlassian.com/oauth/token, clientId=5PnJeDXfA5Iq8BBDt38HDHlMEg2HTKIm, clientSecret=(set), redirectUri=http://127.0.0.1:8722/oauth/callback, pkce=true, resource=https://mcp.atlassian.com/v1/mcp/authv2, registrationEndpoint=https://auth.atlassian.com/VCeDsk8ZHncYF1g234fKtc4lNipbBhu3/dcr/register, scopes=[read:me, read:account, offline_access, read:jira-work, write:jira-work, search:confluence, read:confluence-user, read:page:confluence, write:page:confluence, read:comment:confluence, write:comment:confluence, read:space:confluence, read:hierarchical-content:confluence, write:component:compass, read:component:compass, read:scorecard:compass, write:scorecard:compass, read:event:compass, read:metric:compass, read:all:twg]
14:12:07 11239 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthClient - PKCE enabled for MCP server 'atlassian'
Append https://mcp.atlassian.com/v1/mcp/authv2

AUTHORIZE URL

https://auth.atlassian.com/authorize?response_type=code&client_id=5PnJeDXfA5Iq8BBDt38HDHlMEg2HTKIm&redirect_uri=http%3A%2F%2F127.0.0.1%3A8722%2Foauth%2Fcallback&state=6ca2e5cf-caf6-4595-a05d-c85172983860&scope=read%3Ame+read%3Aaccount+offline_access+read%3Ajira-work+write%3Ajira-work+search%3Aconfluence+read%3Aconfluence-user+read%3Apage%3Aconfluence+write%3Apage%3Aconfluence+read%3Acomment%3Aconfluence+write%3Acomment%3Aconfluence+read%3Aspace%3Aconfluence+read%3Ahierarchical-content%3Aconfluen...


14:12:07 11239 DEBUG [ Timer-0 ] com.oxygenxml.positron.mcp.oauth.MCPOAuthClient - Opening browser authorization for MCP server 'atlassian' (redirectUri=http://127.0.0.1:8722/oauth/callback)

Answer
Watch
Like Alexander Nilsson likes this
746 views

2 answers

1 vote
Alexander Nilsson
Alexander Nilsson
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
May 31, 2026

Hello Radu,

good news first: your config file does not need a new field. The part that has to change is one parameter in the OAuth requests your client builds. The JSON stays exactly as it is:

{
  "servers": {
    "atlassian": {
      "type": "http",
      "url": "https://mcp.atlassian.com/v1/mcp/authv2"
    }
  }
}

The missing piece is the resource parameter. Right now your client opens this authorize URL:

https://auth.atlassian.com/authorize?response_type=code&client_id=...&scope=...

It should open this instead, with one extra parameter at the end:

https://auth.atlassian.com/authorize?response_type=code&client_id=...&scope=...&resource=https%3A%2F%2Fmcp.atlassian.com%2Fv1%2Fmcp%2Fauthv2

Then do the same on the token request to https://auth.atlassian.com/oauth/token: add a form field resource=https://mcp.atlassian.com/v1/mcp/authv2. Same value, both requests. This is the bit that tells Atlassian which resource the token is for, and the MCP spec says it has to be on both requests. When it is missing, you get "Invalid context provided".

https://modelcontextprotocol.io/specification/2025-11-25/basic/authorization

One thing to check while you are in there: your printed URL was cut off, so make sure code_challenge and code_challenge_method=S256 are also on the authorize URL, since you have PKCE enabled.

If the resource parameter is on both requests and it still fails, the problem is most likely on Atlassian's side. Open a support ticket with the Atl-Request-Id from the failed call:

https://support.atlassian.com/contact/#/

Greetings,

Alex

View More Comments
Radu Coravu
Radu Coravu
June 2, 2026

Thanks Alex,
My initial code also passed the resource parameter, I made it simpler as I was trying to find out why this does not work, I reverted it and run again the
connection, now my authorize URL opened in the web browser is this one:


Authorize URL https://auth.atlassian.com/authorize?response_type=code&client_id=pSQC3crKNywiKjt4PtN6ms03Ww58ob4D&redirect_uri=http%3A%2F%2F127.0.0.1%3A8722%2Foauth%2Fcallback&state=d1f1bce1-a0f5-4088-9897-7a587686fe1d&scope=read%3Ame+read%3Aaccount+offline_access+read%3Ajira-work+write%3Ajira-work+search%3Aconfluence+read%3Aconfluence-user+read%3Apage%3Aconfluence+write%3Apage%3Aconfluence+read%3Acomment%3Aconfluence+write%3Acomment%3Aconfluence+read%3Aspace%3Aconfluence+read%3Ahierarchical-content%3Aconfluence+write%3Acomponent%3Acompass+read%3Acomponent%3Acompass+read%3Ascorecard%3Acompass+write%3Ascorecard%3Acompass+read%3Aevent%3Acompass+read%3Ametric%3Acompass+read%3Aall%3Atwg&resource=https%3A%2F%2Fmcp.atlassian.com%2Fv1%2Fmcp%2Fauthv2&code_challenge=44ErrIZZ8XbB-Orkbquhr5ZaSFxakm53Fv7XvGw7cBY&code_challenge_method=S256

it contains the resource parameter but still I get this error reported in the web browser:

 

Invalid context provided. Please try authorizing again. 

 

So still no luck and the same code works for another colleague who created an Atlassian JIRA Cloud free account, it's as if there is some server side setting although I did not change anything on the server side and neither did he.

Like
Alexander Nilsson
Alexander Nilsson
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
June 3, 2026

Hello Radu,

good, this narrows it down a lot. The resource parameter and code_challenge_method=S256 are both on the authorize URL now, so the client side is doing the right thing. The useful part of your update is the other detail: the same client works for a colleague on a fresh free site and fails for you. That tells us the variable is not the code, it is the Atlassian account the browser is signed into when the authorize page loads.

"Invalid context provided" is raised by Atlassian on the consent step, before any token is issued. That step is where Atlassian works out which Atlassian apps and which site (cloudId) your signed-in user can actually grant access to, and the access token is consented for one specific site. A brand new free account has exactly one site and clean product access, so that context is unambiguous and the flow completes. When Atlassian cannot resolve a valid site and product context for the signed-in user, the consent page fails instead of rendering.

So I would check these, in order, in the browser that opens for the flow:

  • Open your actual site directly first (yoursite.atlassian.net) in that same browser and confirm you genuinely have Jira or Confluence access on it, then run the flow again in the same session. The error can simply mean the signed-in user has no site to consent for.
  • Make sure only one Atlassian identity is signed into that browser. A multi-account or stale session is a common cause of context failures at the consent screen. The cleanest test is a fresh incognito window signed into the single account only.
  • Rule out the local browser side too. A pop-up blocker or a blocked redirect URI can break the flow, so allow pop-ups for the Atlassian page and make sure your callback is reachable through the browser and firewall. The docs use http://localhost:3334 as the example to allowlist; your client uses http://127.0.0.1:8722/oauth/callback, so allow that one.

Further Reference: https://support.atlassian.com/atlassian-rovo-mcp-server/docs/troubleshooting-and-verifying-your-setup/

Unfortunetly the public docs do not spell out the exact string "Invalid context provided", so I am mapping it to the documented site and product context behaviour rather than quoting a page that names it. If the account has an accessible site, you run the flow in a clean single-account session, and it still fails, then it is account or backend side and not something you can fix in the client. Therefore please open a support ticket at https://support.atlassian.com/contact/#/

Greetings,

Alex

Like
Radu Coravu
Radu Coravu
June 10, 2026

Hi Alex, somehow the MCP OAuth started working again with my Atlassian sample site, without me doing anything in the code, thanks for the guidance, I still do not understand why it stopped working, why it started working, but we'll see it it happens again. 

Like
Reply
0 votes
Dr Valeri Colon _Connect Centric_
Dr Valeri Colon _Connect Centric_
Community Champion
June 16, 2026

@Radu Coravuyour logs show that Dynamic Client Registration succeeds, PKCE is configured correctly, and the authorization URL includes the required resource parameter. Since the same client worked for another Atlassian account and later began working for your account without any code changes, this points to a temporary Atlassian-side authorization or provisioning issue rather than a problem in your implementation.

If the issue recurs, capture the request timestamp, Atlassian account used, and any request IDs from the authorization flow, then open an Atlassian Support ticket. It would also be helpful to confirm whether multiple Atlassian sites or accounts were active in the browser session at the time.

Thanks for sharing the outcome—it may help others encountering the same intermittent behavior.

View More Comments
Radu Coravu
Radu Coravu
June 16, 2026

Thanks Valeri, I'm using a free Atlassian account so I could not open a support ticket, I had only one site active at that time. We'll see if the problem occurs again.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Rovo Atlassian Intelligence
Rovo
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2026 Atlassian
    Privacy Policy Notice at Collection Terms Security