OAuth 3LO Flow with ASP.NET Core

Hi there!

We are trying to integrate 3LO OAuth with our app by follwing your docs here: https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/

Unfortunately we only get an error when we try to send our request to:
auth.atlassian .com/authorize?.. saying that we should contact support. Instead we would expect a consent sscreen.

We try to get the following scopes:
read:jira-user read:servicedesk-request read:jira-work
but no combination worked so far. Not even view:userprofile
If we omit the scopes it says we did not request any scopes.

More detail:

  1. Request from browser:
auth.atlassian .com/authorize
  1. In return we get an 302 redirect
id.atlassian .com/oidc/oauth/authorize?response_type=code&redirect_uri=https%3A%2F%2Fauth.atlassian.com%2Flogin%2Fcallback&state=....&client_id=RP6...
  1. The browser makes the redirect
auth.atlassian .com/login/callback?code=3c47863b...&state=ncBdCS...
  1. In return we get a 302 and the browser makes the call:
api.atlassian .com/oauth2/authorize/consent?state=g6Fo2S...

Boom, here we only get an error page…

We are ready to share our code with you. It’s C# ASP.NET Core 2.2.



We will need to investigate this further. Could you please raise a ticket at Developer Service Desk portal and provide all the details including your authorisation URL?



In your first auth.atlassian.com URL, you are missing the audience=api.atlassian.com and prompt=consent query parameters. We have a stricter implementation of OAuth 2.0 than most libraries, nonetheless these query params are required.

If this resolves your issue, we’ll raise this with the 3LO team to have a more informative error message.

Hi @mventnor and @aagrawal2

Thanks for your inputs. I have adjusted the first call as requested and added the two params like:

&audience=api.atlassian.com        <------------------
&prompt=consent                          <------------------

Unforunately I get the same (general) error at the end of the flow.
Nevermind, I publish the further steps again, just for investigation:

In return to the first call above I get an 302:


Where I get another 302 with the code:


From where I get another redirect:


Wich leads to an 200, but the webpage shows the error page.
A few ajax calls to api.segment.io/v1/p, /t and /i all return succes: true

Should I still open a ticket at Service Desk portal?


Hi @DavidKeller,

Thanks for sharing the details. I would recommend that you open a ticket at the portal with all these info.

Thanks - we’re opening a ticket.