According to https://developer.atlassian.com/server/jira/platform/oauth/ JIRA Server implements OAuth 1.0a. But with a JIRA Server 8.13.10 installation we need to authenticate against, we run into the problem that
oauth_callback_confirmed from the Request Token response, which an OAuth 1.0a Service Provider “MUST” send (OAuth Core 1.0a), is missing. This is new in OAuth 1.0a compared to OAuth 1.0, which also fixes a severe security vulnerability (link will follow).
Does JIRA Server only implement the vulnerable OAuth 1.0 standard and not the fixed 1.0a version?