OAuth error oauth_problem=consumer_key_unknown

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

When creating an application link, or using functionality that uses an application link, the applications aren't able to authenticate to each other.

The following appears in the application log:

1 oauth_problem=consumer_key_unknown

Diagnosis

Environment

  • Two applications are connected together using Application Links

  • The authentication method used is OAuth

Diagnostic Steps

  1. The error happens intermittently. Recreating Application Links from both servers still does not fix it

    OR

  2. Missing Application Link from one server

Cause

  1. There are duplicate data in the database causing it to use different Consumer key

    OR

  2. The Application Link is only configured in one direction. For example, Confluence is linked to JIRA; but JIRA does not have a reciprocal link to Confluence. This can be caused by a misconfigured network where one application server cannot reach the other over the connector port.

Solution

Resolution

  1. Delete the duplicate data in the database

    1. Shutdown the application

    2. Backup database for rollback purposes

    3. Search for duplicate data

      1 SELECT * FROM BANDANA WHERE bandanakey = 'com.atlassian.oauth.consumer.ConsumerService:host.__HOST_SERVICE__';

    4. Delete the duplicate row, so that it will only have one result

    5. Restart the application

  2. Recreate the Application Link in both servers

    1. If your applications use a reverse proxy, ensure they have been configured correctly for use with the reverse proxy.

    2. Once the applications have been configured, delete and recreate the Application Link.

    3. Alternatively, ensure the reverse proxy has been bypassed for use in an unproxied Application Link.

  3. Ensure there's proper bi-directional communication between both of the applications. Try to hit the endpoint to retrieve the manifest file from one server to the other. If this does not work, adjust firewall/ports/AWS security groups as needed for proper communication.

    1 curl -H "Accept: application/json" http://HOST/ContextPath/rest/applinks/1.0/manifest -v
Updated on April 17, 2025
Platform
Data Center only
Products
Bitbucket Data Center
Jira Software Data Center
Confluence Data Center
Crowd Data Center
Bamboo Data Center
Fisheye Data Center
Crucible Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community