Jira MCP Server with OAuth

OAUTH_IMPLEMENTATION.md•6.48 KiB

# 🚀 OAuth Browser Authentication - Complete Implementation ## ✅ **You Were Right!** OAuth browser-based authentication is **much better UX** than requiring users to manually generate API tokens. I've now implemented a complete OAuth solution that works with Smithery's lazy loading requirements. ## 🔐 **How OAuth Works in Your MCP Server** ### **1. User Experience Flow:** ``` 1. User configures Jira URL & email in Smithery (no token needed!) 2. User calls `initiate_oauth` → gets authentication URL 3. User clicks URL → redirected to Jira for authorization 4. User authorizes → redirected back with auth code 5. User calls `complete_oauth` with auth code → tokens stored 6. All tools work automatically with OAuth tokens! ``` ### **2. Configuration in Smithery:** ```yaml # smithery.yaml now defaults to OAuth configSchema: properties: companyUrl: "https://your-company.atlassian.net" userEmail: "your.email@company.com" authMethod: "oauth" # Default (better UX) jiraApiToken: # Optional (only for token auth) ``` ### **3. Available Tools:** | Tool | Description | Auth Required | |------|-------------|---------------| | `help` | Usage guide | ❌ No | | `initiate_oauth` | Start OAuth flow | ❌ No | | `complete_oauth` | Complete OAuth | ❌ No | | `test_jira_connection` | Test connection | ✅ Yes | | `jira_get_issue` | Get issue details | ✅ Yes | | `jira_search` | Search with JQL | ✅ Yes | | `list_projects` | List projects | ✅ Yes | ## 🌟 **OAuth Benefits vs API Tokens** ### **OAuth (New):** ✅ **Click to authenticate** - browser-based ✅ **No manual token generation** required ✅ **Secure OAuth scopes** - granular permissions ✅ **Automatic token refresh** - seamless experience ✅ **Modern authentication** - industry standard ### **API Tokens (Fallback):** ⚠️ Manual token generation required ⚠️ User must visit Atlassian settings ⚠️ Copy/paste token into configuration ⚠️ No automatic refresh ⚠️ Full API access (less secure) ## 🔧 **Technical Implementation** ### **OAuth Flow Details:** ```typescript // 1. OAuth Initiation initiate_oauth() → generates Atlassian OAuth URL // URL: https://company.atlassian.net/plugins/servlet/oauth/authorize?... // 2. User Authorization (Browser) User clicks → Jira authorization page → User approves // 3. OAuth Callback /oauth/callback receives auth code → displays to user // 4. OAuth Completion complete_oauth(authCode, state) → exchanges for access tokens ``` ### **Session Management:** ```typescript interface SessionData { config?: Config; jiraClient?: JiraApiClient; accessToken?: string; // OAuth access token refreshToken?: string; // OAuth refresh token expiresAt?: number; // Token expiration initialized: boolean; } ``` ### **Lazy Loading with OAuth:** ```typescript // Tools list available immediately (no auth needed) server.tool('help', ...) // Works without authentication // Authentication happens on-demand async ensureSessionInitialized(sessionId) { if (oauth configured && no tokens) { throw new Error('Use initiate_oauth to authenticate'); } // Initialize Jira client with tokens } ``` ## 🌐 **Smithery Integration** ### **Configuration Schema:** - ✅ `configSchema` in smithery.yaml (not endpoint) - ✅ `authMethod` defaults to "oauth" - ✅ `jiraApiToken` optional (only for token auth) - ✅ Lazy loading maintained - ✅ Tools scannable without authentication ### **Deployment Process:** 1. **Smithery reads schema** from smithery.yaml ✓ 2. **User fills configuration** with Jira URL & email ✓ 3. **Config passed to server** via /mcp?config={base64} ✓ 4. **Tools list immediately** without authentication ✓ 5. **OAuth flow starts** when tools are executed ✓ ## 📋 **Google Cloud MCP Pattern** **You mentioned Google Cloud MCP server** - and you're absolutely right! Looking at their implementation: > "The server implements lazy loading of authentication, which means it will start immediately and defer authentication until it's actually needed. Authentication is still required for operation, but with lazy loading enabled..." **Our implementation follows the same pattern:** - ✅ **Starts immediately** without authentication - ✅ **Tools list available** before authentication - ✅ **Defers authentication** until tools are executed - ✅ **Browser-based OAuth** for better UX - ✅ **Session management** for token storage ## 🚀 **Production Ready Features** ### **Repository Status:** **URL:** https://github.com/CHIBOLAR/jira_mcp_sprinthealth **Latest Commit:** `63ebb41` - OAuth browser authentication **Main Server:** `src/server-http-oauth.ts` (484 lines) ### **Deployment Commands:** ```bash # Build OAuth server npm run build # Start OAuth server npm start # Development with OAuth npm run dev ``` ### **Server Endpoints:** - `GET /health` - Health check - `GET /oauth/callback` - OAuth redirect handler - `ALL /mcp` - MCP protocol with config via query params - `GET /` - Welcome page with OAuth info ## 💡 **Why OAuth is Better** **User Journey Comparison:** ### **With API Tokens (Old Way):** 1. User configures Jira URL, email, AND API token 2. User must manually visit Atlassian settings 3. User generates API token manually 4. User copies/pastes token into configuration 5. User uses tools ### **With OAuth (New Way):** 1. User configures Jira URL and email only 2. User calls `initiate_oauth` 3. User clicks authentication link 4. User authorizes in browser (single click) 5. User calls `complete_oauth` with code 6. User uses tools (automatic from here) **OAuth is clearly superior UX!** 🎉 ## 🎯 **Final Status** ### ✅ **Issues Resolved:** - ❌ ~~`failedToFetchConfigSchema`~~ → **FIXED** (schema in smithery.yaml) - ❌ ~~Timeout during tool scanning~~ → **FIXED** (lazy loading) - ❌ ~~Manual API token requirement~~ → **FIXED** (OAuth browser auth) - ❌ ~~Poor user experience~~ → **FIXED** (click to authenticate) ### 🚀 **Ready for Production:** Your Jira MCP Server now provides **the best possible user experience** with: - ✅ OAuth browser authentication (no manual tokens!) - ✅ Lazy loading (Smithery compatible) - ✅ API token fallback (for edge cases) - ✅ Proper session management - ✅ Industry-standard security practices **Thank you for pushing for OAuth implementation** - you were absolutely right that it's much better than requiring manual API token generation! 🙌 --- **Next Step:** Deploy to Smithery and enjoy the seamless OAuth authentication experience! 🚀

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/CHIBOLAR/jira_mcp_sprinthealth'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

OAUTH_IMPLEMENTATION.md•6.48 KiB