Atlassian Mcp
Wire Atlassian Cloud or Server Jira and Confluence into your agent with the right OAuth 2.1, API token, or PAT pattern instead of guesswork.
Overview
Atlassian MCP is an agent skill most often used in Build (also Ship review, Operate iterate) that documents OAuth 2.1, API token, and PAT authentication for Jira and Confluence integrations.
Install
npx skills add https://github.com/jeffallan/claude-skills --skill atlassian-mcpWhat is this skill?
- Auth matrix: OAuth 2.1 (Cloud 3LO), API Token, Server/DC PAT—with security level callouts
- OAuth authorization URL construction with audience api.atlassian.com and scoped Jira/Confluence permissions
- Code-shaped exchangeCodeForToken example for authorization-code flow
- Explicit guidance to avoid deprecated Basic Auth on Cloud
- developer.atlassian.com app registration and callback configuration steps
- 4 authentication methods compared in overview table (OAuth 2.1, API Token, PAT, Basic Auth)
Adoption & trust: 2.5k installs on skills.sh; 9.7k GitHub stars; 1/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are connecting an agent to Atlassian but are unsure which auth method, scopes, and token exchange steps are correct for Cloud versus Server.
Who is it for?
Indie developers building MCP servers or scripts that must act on Jira issues and Confluence pages with clear Cloud vs Server credential choice.
Skip if: Teams that only need read-only public docs without API access, or greenfield projects with no Atlassian tenant.
When should I use this skill?
Implementing or debugging Atlassian Jira/Confluence MCP auth: OAuth 2.1, API tokens, PAT, scopes, or token exchange.
What do I get? / Deliverables
You implement a supported Atlassian auth flow—typically OAuth 2.1 3LO for multi-user Cloud apps or tokens/PATs for automation—with scoped access aligned to Jira and Confluence MCP tools.
- Documented auth method choice for the integration
- OAuth authorize and token-exchange implementation pattern
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Most teams attach issue trackers and docs during product build when agents need to read and write work items. Integrations is the shelf for MCP auth flows and scope selection against Atlassian APIs.
Where it fits
Register a developer.atlassian.com app and build the OAuth authorize URL before wiring MCP Jira tools.
Audit requested scopes and reject Basic Auth before exposing the integration to teammates.
Rotate API tokens or PATs when Atlassian policies change without breaking the agent connector.
How it compares
Authentication and scope playbook for Atlassian APIs—not a drop-in MCP server binary by itself.
Common Questions / FAQ
Who is atlassian-mcp for?
Solo builders and small teams implementing agent or MCP integrations that read or write Atlassian Cloud or Server/DC Jira and Confluence data.
When should I use atlassian-mcp?
Use it in Build integrations while coding the connector; in Ship review when validating least-privilege scopes; and in Operate iterate when rotating tokens or migrating off deprecated Basic Auth.
Is atlassian-mcp safe to install?
The skill describes handling OAuth secrets and API tokens; review the Security Audits panel on this Prism page and store credentials outside the repo with minimal scopes.
SKILL.md
READMESKILL.md - Atlassian Mcp
# Authentication Patterns --- ## Authentication Methods Overview | Method | Platform | Use Case | Security Level | |--------|----------|----------|----------------| | OAuth 2.1 | Cloud | User-facing apps, integrations | Highest | | API Token | Cloud | Personal automation, scripts | Medium | | PAT | Server/DC | Server integrations | Medium | | Basic Auth | Legacy | Deprecated, avoid | Low | ## OAuth 2.1 (Atlassian Cloud) ### Authorization Code Flow For applications that act on behalf of users. **Step 1: Register Your App** 1. Go to [developer.atlassian.com](https://developer.atlassian.com/console/myapps/) 2. Create new app 3. Configure OAuth 2.0 (3LO) 4. Add callback URL 5. Request necessary scopes **Step 2: Authorization Request** ```typescript const authUrl = new URL('https://auth.atlassian.com/authorize'); authUrl.searchParams.set('audience', 'api.atlassian.com'); authUrl.searchParams.set('client_id', CLIENT_ID); authUrl.searchParams.set('scope', 'read:jira-work write:jira-work read:confluence-content.all write:confluence-content'); authUrl.searchParams.set('redirect_uri', REDIRECT_URI); authUrl.searchParams.set('state', generateState()); authUrl.searchParams.set('response_type', 'code'); authUrl.searchParams.set('prompt', 'consent'); // Redirect user to authUrl.toString() ``` **Step 3: Exchange Code for Token** ```typescript async function exchangeCodeForToken(code: string): Promise<TokenResponse> { const response = await fetch('https://auth.atlassian.com/oauth/token', { method: 'POST', headers: { 'Content-Type': 'application/json', }, body: JSON.stringify({ grant_type: 'authorization_code', client_id: CLIENT_ID, client_secret: CLIENT_SECRET, code, redirect_uri: REDIRECT_URI, }), }); if (!response.ok) { throw new Error(`Token exchange failed: ${response.statusText}`); } return response.json(); } interface TokenResponse { access_token: string; refresh_token: string; expires_in: number; scope: string; token_type: 'Bearer'; } ``` **Step 4: Refresh Token** ```typescript async function refreshAccessToken(refreshToken: string): Promise<TokenResponse> { const response = await fetch('https://auth.atlassian.com/oauth/token', { method: 'POST', headers: { 'Content-Type': 'application/json', }, body: JSON.stringify({ grant_type: 'refresh_token', client_id: CLIENT_ID, client_secret: CLIENT_SECRET, refresh_token: refreshToken, }), }); return response.json(); } ``` **Step 5: Get Accessible Resources** ```typescript async function getAccessibleResources(accessToken: string): Promise<Resource[]> { const response = await fetch( 'https://api.atlassian.com/oauth/token/accessible-resources', { headers: { Authorization: `Bearer ${accessToken}`, Accept: 'application/json', }, } ); return response.json(); } interface Resource { id: string; // Cloud ID name: string; // Site name url: string; // https://your-site.atlassian.net scopes: string[]; avatarUrl: string; } ``` ### OAuth Scopes Reference **Jira Scopes:** | Scope | Description | |-------|-------------| | `read:jira-work` | Read issues, projects, boards | | `write:jira-work` | Create/update issues | | `manage:jira-project` | Manage project settings | | `manage:jira-configuration` | Manage global settings | | `read:jira-user` | Read user profiles | | `manage:jira-data-provider` | Data provider integrations | **Confluence Scopes:** | Scope | Description | |-------|-------------| | `read:confluence-content.all` | Read all content | | `write:confluence-content` | Create/update content | | `read:confluence-content.summary` | Read content summaries | | `read:confluence-space.summary` | Read space summaries | | `write:confluence-space` | Create/manage spaces | | `read:confluence-user` | Read user profiles | **Granular Scopes (v2):** ``` read:issue-details:jira writ