Resolve OAuth 2.0 Scope Issues for Jira Mail Handlers in Data Center
Platform Notice: Data Center Only - This article only applies to Atlassian apps on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Learn how to fix OAuth 2.0 scope issues for Jira Mail Handlers in Data Center.
Setting the correct scope in OAuth 2.0 is essential for successful integration.
Diagnosis
Checking the scopes
Check the scope configuration in your OAuth 2.0 integration., which is located
Go to ⚙ > System and select Oauth 2.0 for Jira versions up to 8.21.x.
Go to ⚙ > Applications and select Application Links for Jira versions from 8.22.0.
Microsoft Accounts
For Microsoft accounts, the scopes should match precisely the ones from the list below:
In case of a Worldwide plan including Government Community Cloud (GCC), which is the most common type of plan, use the following scopes:
https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All offline_access
In case of a US Government DoD or US Government GCC High plan, use the following scopes:
https://outlook.office365.us/IMAP.AccessAsUser.All https://outlook.office365.us/POP.AccessAsUser.All offline_access
GMAIL accounts
For GMAIL accounts, you only need to use the scope below, which will work for both IMAP and POP:
https://mail.google.com/
If the scopes don't match, follow the steps below to resolve the issue.
Cause
Incorrect scopes are used in the OAuth 2.0 configuration
Solution
Use the right scopes for Microsoft as explained in the official documentation Setting up OAuth 2.0 integration:
In case of a Microsoft Worldwide plan including Government Community Cloud (GCC), use the following scopes (this is the most common scenario):
https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All offline_access
In case of a Microsoft US Government DoD or US Government GCC High plan, use the following scopes (this is the most common scenario):
https://outlook.office365.us/IMAP.AccessAsUser.All https://outlook.office365.us/POP.AccessAsUser.All offline_access
If the above doesn't fix the issue, check Fix OAuth 2.0 Issues in Jira Mail Handlers for Data Center for other possible causes and solutions.
Was this helpful?