Oauthclientid returns error containing the wrong clientid

Currently I am a part of a development team at my university trying to create an add on for Jira. I attempted to use the sample code located here to use Oauth2 for my add on. However, the commander didn’t work for me (it crashed my node server) so I attempted to just add my clientid manually to see if the code would work.
I ended up getting an error message that I can’t seem to figure out:

undefined: Couldn’t get access token from response
{ error: ‘invalid_request’,
error_description: ‘Invalid oauthClientId: e3fvv71177-977-977-977-977-977-977-977-977-977-977-9fu-_ve-_vXZr77-9X3NH77-9’ }

The part I can’t understand is why it returns a different clientid than I send. I’m fairly certain I am sending the correct key so I descided to look at my debug tool to see what exactly I was sending and it can be seen here
Clearly It is sending back a completely different id. If anyone could help me find what I could be doing wrong, my team and I would greatly appreciate it because we have all reviewed the code and cannot seem to figure it out. Thanks!

I am part of the team working on this as well.
Does anyone have any information on how to use OAuth to do this? We need this information to write features for our app.

Can you open a DEVHELP ticket? This seems like it might be a bug and needs further triage. You can open a bug report here.


1 Like

I too am facing a similar issue. The documentation is super confusing on this issue as the response from the connect framework doesn’t have anything resembling an “oauthClientId” (it contains a clientKey). There are also at least 2 different set of docs on the issue, each with their own set of slightly different instructions (one of which references an add-on id – not sure what that is):

  1. https://developer.atlassian.com/static/connect/docs/latest/concepts/OAuth2-JWT-Bearer-Token-Authentication.html
  2. https://developer.atlassian.com/static/connect/docs/latest/concepts/understanding-jwt.html

I’m trying to do this in golang – snippet looks like:

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
		"iss": fmt.Sprintf("urn:atlassian:connect:clientid:%s", clientKey),
		"tnt": instanceURL,
		"sub": "urn:atlassian:connect:userkey:admin",
		"aud": jiraAuthURL,
		"iat": time.Now().Unix(),
		"exp": time.Now().Unix() + 10, // expires in 10 seconds

Is the qsh required in the jwt claims? One of the docs suggest yes.

Did a bug actually get created for this?