Jira MCP OAuth gateway
Supports adding attachments from Confluence pages to Jira issues using Confluence REST API and authentication.
Provides tools for searching, reading, creating, updating, deleting, and assigning Jira issues, as well as managing projects, boards, statuses, and attachments.
Integrates with Jira Software boards for listing boards and creating tickets with board context.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Jira MCP OAuth gatewayshow me recent issues assigned to me"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Jira MCP OAuth gateway
A Model Context Protocol (MCP) server that connects AI assistants (for example Cursor Composer or Agent) to your Jira site. Configure JIRA_BASE_URL for Atlassian Jira Cloud or Jira Data Center / Server—this project is not limited to one company or hosting model. You can search issues, read and edit tickets, manage assignments, and more, using either a Personal Access Token (PAT) or API token, or a browser SSO session when corporate login is required.
See also (sibling projects)
Project | Purpose |
Confluence MCP | confluence-mcp-oauth — Confluence REST + optional SSO ( |
GitHub Enterprise launcher | mcp-github-enterprise-launcher — npm stdio wrapper around a |
SonarQube launcher | mcp-sonarqube-launcher — npm stdio wrapper around a SonarQube MCP |
Related MCP server: MCP Atlassian
What this project is
Role | Runs as a small Node.js process that speaks MCP over standard input/output (stdio). Your editor starts it; you do not usually run it by hand except when debugging. |
Target product | Jira (Cloud or Data Center) via REST. Paths default to |
Auth model | Bearer PAT (if you set one) for every REST call, then automatic retry with SSO cookies on |
SSO login | Uses Playwright + Chromium to open a real browser, let you sign in (SAML, OIDC, etc.), and saves session cookies for later API calls. |
The design matches the idea behind confluence-mcp-oauth: treat Jira as a normal REST API when possible, and use a real browser session when the API rejects the request or when you have no PAT.
Why use it
Works behind SSO: Many organizations do not expose simple API-password flows. A PAT (where supported) plus cookie fallback fits Data Center and many federated setups.
One place for secrets: PATs are intended to live in the MCP host configuration (for example Cursor’s
mcp.json), not in a project.env, so you are less likely to commit tokens into a repo.Familiar Jira operations: JQL search, full issue JSON, compact “read” views, create/update/delete, projects, assignees, statuses, and optional attachments from Confluence or a public URL.
How it fits in your workflow
You add this server to Cursor (or another MCP client) via
mcp.json.You set at least
JIRA_BASE_URL(and optionallyJIRA_PAT) in that config’senvblock.Cursor starts the server when needed; the assistant calls MCP tools by name (for example “run
execute_jqlwith …”).If you rely on SSO, you run
jira_loginonce (tool ornpm run login); cookies are stored undercookies/session.jsonon disk (ignored by git and not published to npm).
┌─────────────┐ stdio (JSON-RPC) ┌──────────────────┐ HTTPS ┌─────────────┐
│ Cursor / │ ◄────────────────────► │ This MCP server │ ───────────► │ Jira REST │
│ MCP client │ │ (Node + fetch) │ Bearer / │ (and opt. │
└─────────────┘ └──────────────────┘ Cookies │ Confluence) │
└─────────────┘MCP tools (reference)
Tools are exposed to the assistant under the names below. Exact parameters are defined in the server’s tool schemas (your client may show them in the UI).
Authentication
Tool | Purpose |
| Opens a browser, completes SSO, saves |
Search and read
Tool | Purpose |
| Run JQL and return matching issues (with configurable |
| Full issue JSON from the REST API (aliases for task-style issues). |
| Compact issue view (summary, description as plain text, status, assignee, etc.). |
| Only summary and plain-text description. |
Create, update, delete
Tool | Purpose |
| Create an issue (summary, description, issuetype; optional project, boardName, boardId, parent). If project is omitted, uses JIRA_DEFAULT_PROJECT, resolves from a board, or auto-picks when only one project appears on your boards—otherwise fails with a message listing boards (use |
| List Jira Software boards (Agile REST). Helps choose boardName / boardId for |
| Update fields such as summary, description, labels, parent. |
| Delete an issue (requires permission in Jira). |
Projects, people, workflow
Tool | Purpose |
| List projects (v3: search API; v2: |
| Assign an issue by Atlassian account ID. |
| List users assignable for a project key. |
| Return issue statuses from Jira. |
Attachments
Tool | Purpose |
| Pull a named attachment from a Confluence page (needs |
| Download a file from a public URL and attach it to an issue. |
Prerequisites
Node.js 18+
Network access to your Jira (and Confluence, if you use that tool)
One-time browser install for Playwright (Chromium), required only if you use
jira_loginor SSO fallback:
npm install
npm run install-browserHow to use it
Option A — Published package (npx)
After the package is on npm, you do not need to clone the repo. Cursor (or your host) can start the server with:
npx -y jira-mcp-oauthPin a version if you want reproducibility:
npx -y jira-mcp-oauth@0.1.4The process speaks MCP on stdio. In normal use the IDE starts it; you only run the command yourself to verify installation or debug.
Option B — Clone this repository
git clone <your-repo-url>
cd jira-mcp-oauth
npm install
npm run install-browserRun the server locally:
npm startSame stdio behavior as npx; again, the typical pattern is to let Cursor spawn node with a path to src/index.js (see below).
Configure Cursor (mcp.json)
Put non-secret URLs and timeouts in env. Put PATs only here as well (not in the repo’s .env for those keys—by design).
Using npx (after publish):
{
"mcpServers": {
"jira-sso": {
"command": "npx",
"args": ["-y", "jira-mcp-oauth"],
"env": {
"JIRA_BASE_URL": "https://jira.company.com",
"JIRA_LOGIN_WAIT_SECONDS": "90",
"JIRA_PAT": "your-pat-or-api-token"
}
}
}
}Using a local checkout (development):
{
"mcpServers": {
"jira-sso": {
"command": "node",
"args": ["C:/path/to/jira-mcp-oauth/src/index.js"],
"env": {
"JIRA_BASE_URL": "https://jira.company.com"
}
}
}
}Replace
jira-ssoif you prefer another server id; it is only a label in Cursor.Fully quit and restart Cursor after any change to
mcp.json.
First-time SSO (no PAT or cookie fallback)
Ensure
JIRA_BASE_URLis correct (include/jirain the path only if your instance uses that context path).In chat, run the
jira_logintool or from the repo runnpm run login(uses the same merged config as the MCP server).Complete login in the opened browser; wait until the tool finishes (up to
JIRA_LOGIN_WAIT_SECONDS, default 90).Use
execute_jql,read_ticket, etc., as needed.
Using tools from the assistant
You do not type REST URLs yourself. Ask the assistant in natural language, for example:
“Search Jira for
project = KEY AND status = Openusingexecute_jql.”“Read issue
KEY-123withread_ticket.”“Create a Bug in project
KEYwith summary … usingcreate_ticket.”
The client maps these to the tool calls above.
Environment variables
Required
Variable | Meaning |
| Root URL of your Jira site (example: |
Optional (Jira)
Variable | Meaning |
| PAT or API token your site provides; sent as |
| REST base path (default |
|
|
| Login page URL (default |
| Browser SSO wait, in seconds (default 90). |
| Max upload size in bytes (default 10 MiB). |
| If several MCP entries share the same path to |
| Default project key when |
| Default on: if an SSO cookie file exists, only cookies are sent (not PAT). Set |
| During |
Optional (Confluence attachment helper)
Variable | Meaning |
| Confluence root URL for |
| Confluence PAT; same “host config only” rule as Jira PATs. |
| Optional; used to name the Confluence cookie file for |
Cookie files: Jira SSO uses cookies/session-<JIRA_MCP_SERVER_KEY or hostname>.json. Confluence attachments from this package use cookies/cf-<CONFLUENCE_MCP_SERVER_KEY or hostname>.json (separate from Jira). Use PAT + PREFER_SSO_COOKIES=0 if you rely on tokens only.
Where to set them
Cursor:
%USERPROFILE%\.cursor\mcp.json(Windows) or~/.cursor/mcp.json(macOS/Linux) →mcpServers.<name>.env. Restart the IDE after edits.Local
npm run login: Env is merged from the discoveredmcp.jsonblock (same path as thissrc/index.js, or legacyjira-sso) for keys that are unset—setJIRA_MCP_SERVER_KEYwhen multiple entries share that path.
Configuration reference (files & precedence)
Topic | Detail |
Secrets |
|
PAT at runtime |
|
CLI login merge | Fills only undefined env keys from the discovered block (never overwrites Cursor). |
Cookie files | One file per instance: |
Cookies | SSO sessions are saved to |
| Needs |
Defaults (when omitted)
Variable | Default |
|
|
|
|
|
|
|
|
|
|
| (none — set when you want |
Boards and Agile: list_boards and board-based create_ticket resolution use /rest/agile/1.0 (Jira Software). If that API returns 404 or an empty list, your site may not expose Software boards—set project or JIRA_DEFAULT_PROJECT instead.
Authentication order (summary)
If
JIRA_PAT(orJIRA_API_TOKEN) is set in the MCP env, every request tries Bearer auth first.If the server returns 401 or 403 and
cookies/session.jsonexists (fromjira_login), the same request is retried once with cookies.If there is no PAT, only cookies are used (you must have run
jira_login).If neither PAT nor cookies work, tools fail with a clear error until you fix the token or log in again.
Validation
Step | Command / action |
Unit tests (features) |
|
Syntax + config (no Jira calls) |
|
MCP wiring | Cursor Settings → MCP: server shows connected. Restart Cursor after |
Interactive tools | In Agent, call |
Inspector (optional) | Install/run the official MCP Inspector (see modelcontextprotocol/inspector) and point it at |
Local tarball sanity check
npm pack
# Creates e.g. jira-mcp-oauth-0.1.4.tgzWindows (cmd):
set JIRA_BASE_URL=https://jira.example.com
npx .\jira-mcp-oauth-0.1.4.tgzmacOS / Linux:
export JIRA_BASE_URL=https://jira.example.com
npx ./jira-mcp-oauth-0.1.4.tgzThe first npx run may take a moment while dependencies install. If your mcp.json already defines JIRA_BASE_URL, the process may stay running on stdio (normal for MCP).
Security
Treat PATs and cookies like passwords. Do not commit
cookies/,.envfiles that hold secrets, or paste tokens into the repo.JIRA_PAT,JIRA_API_TOKEN,CONFLUENCE_PAT, andCONFLUENCE_API_TOKENare not loaded from the project.env; keep them in the MCP host configuration.A saved cookie file grants roughly the same access as your browser user; lock down the machine and project directory.
Troubleshooting
Symptom | What to do |
| Add |
401 / HTML instead of JSON | PAT invalid or expired, or wrong API version — try |
SSO in the browser but REST still 401 | Set |
| Increase |
Browser closes immediately | Session detection requires JSON from |
Auth scheme | This server uses |
| Ensure the |
Half-installed | Clear |
Repository and npm metadata
Package repository, homepage, and bugs in package.json point to https://github.com/Wasim-Shaikh25/jira-mcp-auth. Update those fields if you fork to another org.
The npm package name is jira-mcp-oauth (unscoped). If you previously published under @svasimahmed283/jira-mcp-oauth, keep that version for backward compatibility or deprecate it on npm after publishing this name.
License
See package.json for the declared license. Add a LICENSE file in the repo if you publish publicly.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Wasim-Shaikh25/jira-mcp-auth'
If you have feedback or need assistance with the MCP directory API, please join our Discord server