Jira get 400 bad request when following the OAuth 2.0 provider API authorization steps
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Jira gets an errors when applying the OAuth 2.0 steps (HTTP Status 400 - Bad Request) right before the approval screen with the following details :
Please ensure that your server is using HTTPS and that your application base URL is configured appropriately.
The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).
Diagnosis
Create an incoming applink
Verifying that Jira's requirements to run over SSL are met
Proceed to the approval steps of the new applink in the format of
1
https://JIRA-BASE-URL/plugins/servlet/oauth2/consent?client_id=XXX&redirect_uri=XXX&response_type=code&scope=ADMIN&state=XXXJira throws a bad request error instead of the approval screen expecting that the used protocol for the authentication is HTTPS.
Cause
Usually this indicates a bad configuration for the main tomcat connector that points at the base URL, OAuth 2.0 requires a secure connector that meets the base URL configured.
Jira doesn't support more than one base URL, a feature request to modify this can be tracked on JRASERVER-69185 - Officially provide support for internal and external base url for JIRA
Solution
Verify that tomcat's connector have all the right attributes , bellow is an example of a working connector configuration that mitigates the error , where Jira's base URL is jira.domain.local
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
<Connector port="8080"
relaxedPathChars="[]|"
relaxedQueryChars="[]|{}^\`"<>"
maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
bindOnInit="false"
secure="true"
scheme="https"
proxyName="jira.domain.local"
proxyPort="443"
/>Make sure that server.xml contains the right attributes as above , save it and restart Jira.
Was this helpful?