Incorrect state parameter was returned during OAuth 2.0 (3LO) authorization

Hi, I’m using OAuth 2.0 (3LO) authorization in my project. I add state parameter to the as explained in the documentation, but jira redirects to my callback url with incorrect state parameter. For example, I use a string with a strict format as my state parameter, but jira sends to me some long string that does not look like the string that we sent. The problem is fluky, so sometimes it returns correct state parameter but sometimes it returns a random string, looks like some jira cloud api issue.

I saw similar issue but it hasn’t been resolved.

Could you give any advice or recommendation?

Welcome to the Atlassian developer community @dzmitryikudash,

While it does look like you aren’t alone, I’m not able to reproduce the problem. One thing to try is to create a new OAuth client and see if you still get the intermittent behavior.

Another thing is to see if there is something about the state value that might trigger the problem. For example, are you sending any repeat values? Or are there non-alphanumeric characters in the string? When it happens, perhaps you could post the state value here?

While those are things you could try, many OAuth 2.0 troubleshooting cases would require us (Atlassian) to go looking in our logs using your client identification. As such, you might be better off opening a developer support case than trying to get a solution from community members:

I opened ticket in developer support and they said that it was a bug on the api and they already fixed it. Can confirm that I don’t see this problem anymore.

1 Like