Also, over in this thread, we learned that OAuth 2.0 3LO’s non-standard implementation doesn’t work when people don’t have access to the client:
If you can’t create the authorization URL that Bubble will send to authorize itself, then it will most likely fail because Atlassian requires parameters not found in RFC6749 specification for the authorization code grant (documented by Atlassian as 3LO). In short, Atlassian’s 3LO probably won’t work.