Authentication incompatibility between Azure AI Foundry MCP client and Atlassian MCP server

[0xsan-z]

❗ Issue: Authentication incompatibility between Azure AI Foundry MCP client and Atlassian MCP server

Summary

Unable to successfully invoke Atlassian MCP (Rovo MCP) tools (e.g., Jira queries) from an Azure AI Foundry agent due to authentication incompatibility across all supported methods.

---

🔍 Context

Attempting to connect an Azure AI Foundry agent to the Atlassian MCP server to enable Jira queries via MCP tools.

Azure AI Foundry supports the following MCP authentication methods:

• Key-based authentication
• OAuth identity passthrough
• Microsoft Entra authentication (Microsoft Learn)

Atlassian MCP appears to require a specific OAuth/JWT-based authentication model, which does not align with these options.

---

🧪 What was attempted

1. OAuth Identity Passthrough (Custom Atlassian OAuth app)

Setup:

• Created OAuth app in Atlassian
• Configured client ID, client secret, redirect URI in Foundry
• Consent flow completes successfully

Result:

• MCP connection initializes
• Tool discovery works (tools/list)
• Tool execution fails with: "We are having trouble completing this action"

Observation:

• Token is accepted initially but rejected during tool execution
• Suggests Atlassian MCP does not accept generic OAuth tokens

---

2. Key-based Authentication (API Token as Bearer)

Setup:

Key: Authorization
Value: Bearer

Result:

401 Unauthorized: failed to parse token not a compact JWS

Observation:

• Atlassian MCP attempts to parse token as JWT/JWS
• Atlassian API tokens are opaque (non-JWT)
• Indicates MCP expects a signed JWT token format

---

🧠 Analysis

There appears to be a fundamental mismatch:

Method	Foundry Support	Atlassian MCP Expectation	Result
OAuth passthrough	✅	MCP-specific OAuth (DCR / controlled clients)	❌
API token (Bearer)	✅	JWT (JWS format)	❌

Additionally:

• Foundry passes credentials as static headers (e.g., Authorization: Bearer <token>) (Microsoft Learn)
• Atlassian MCP appears to require: JWT-based tokens, Client-origin validation, Possibly MCP-specific OAuth flows

---

❓ Questions / Requests for clarification

1. Is Atlassian MCP officially supported by Azure AI Foundry MCP client?

2. Does Foundry support MCP servers that require JWT-based authentication (JWS tokens)? If yes, how should such tokens be generated and injected?

3. Is there support planned for MCP-native OAuth flows (e.g., dynamic client registration / DCR)? Current OAuth passthrough appears incompatible with MCP expectations

4. Are there known limitations with non-Microsoft MCP servers that enforce stricter auth models?

5. Is there a recommended architecture or workaround for integrating with Atlassian MCP? e.g., proxy pattern, token exchange, or custom auth handler

---

📌 Current status

• OAuth passthrough → authentication succeeds, tool calls fail
• API token → rejected due to invalid token format (non-JWT)
• No working authentication path identified

---

✅ Expected outcome

Guidance on: Supported authentication pattern for Atlassian MCP, Whether current behavior is expected or a gap, Recommended integration approach

---

💡 Additional notes

• The issue appears to be systemic (auth model mismatch) rather than configuration error
• Reproducible across multiple attempts and configurations

---

Any guidance or confirmation would be greatly appreciated. Thank you.

[BrentOpsomer]

Hello, maybe this will help:

https://benjamin-fuqua.medium.com/why-your-custom-oauth-tokens-fail-with-the-atlassian-mcp-server-and-how-dcr-fixes-it-2566b779f795