I’m looking to build an integration with an MCP server. I’ve created my app in the developer area and the OAuth2 nearly works. After I authorise on the Atlassian page I’m redirected to my callback, which should do the code - token exchange with
POST https://auth.atlassian.com/oauth/token
I’m passing the argument as per https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/
grant_type=authorization_code
redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fcallback
code=<my code>
code_verifier=<code verifier value>
client_id=<client id>
client_secret=<secret>
But I get a 400 Bad Request with
{“error”:“invalid_target”,“error_description”:“Incorrect resource parameters”}
Invalid_target is the RFC8707 extension - as per RFC 8707: Resource Indicators for OAuth 2.0
The Atlassian page makes no comment about this. I tried passing the resource= query param which matches the claim in the code JWT but to no avail
https://id.atlassian.com/resource
["http://localhost:8000/mcp"]
Anybody else come across this and figured the solution?
BTW, the app isn’t Jira specific, I was aiming to access Confluence also. This is cloud based Jira/Confluence.
Tim