Authentication and authorization

← Back to the getting started guide

The Remote MCP Server uses OAuth 2.0 for secure, permission-based access to your Atlassian Cloud data. This ensures that only authenticated users can stream or modify content from Jira or Confluence, and only within the limits of their existing product permissions.

How authentication works

1. When a supported MCP client connects to the Remote MCP Server, it launches a browser window.

2. You will be prompted to log in using your Atlassian account.

3. After logging in, you will be asked to approve a list of scopes (permissions) that the client needs.

4. Once authorized, the client receives an access token scoped to your user and cloud site.

5. This token is used to authenticate and stream content securely.

Token behavior

• Tokens are scoped to a specific cloud site (e.g., example.atlassian.net).

• Tokens inherit existing Jira and/or Confluence permissions.

• Sessions remain valid for a limited period and may require re-authentication after expiry or revocation.

Redirect URI notes

For desktop-based clients, the OAuth process typically uses a localhost callback like:

Ensure your environment or IT policy allows for this redirect. Pop-up blockers, corporate proxies, or firewall settings may interfere.

Common authentication issues

Security best practices

• Tokens are never shared between users.

• Use official OAuth flows—avoid custom or hardcoded tokens.

• If permissions are updated, you may need to re-authorize the client.

Need help? Contact Atlassian Support or return to the getting started guide.