Need to Identify Selected Cloud ID in OAuth 2.0 (3LO) Flow

I am integrating Jira Cloud using the OAuth 2.0 (3LO) authorization flow. During the consent screen, the user is asked to select a specific Jira site (cloud instance). However, after the access token is issued, when I call the /oauth/token/accessible-resources endpoint, I receive multiple cloud sites, and there is no clear way to identify which one was selected by the user during the consent step.

My concern is:

  • I only want to connect the user to the specific Jira site they selected during consent.
  • The returned cloud IDs all have the same scopes, so I cannot filter by permissions.
  • There is no indication in the access token response or accessible-resources response to determine the selected site.

Questions:

  1. Is there a supported way to retrieve the specific cloud ID the user selected on the consent screen?
  2. If not, is this expected behavior? Is there a workaround you recommend beyond asking the user to pick the site again after authentication?

Thanks in advance for your help.

2 Likes