# OAuth2 token exchange fails with 401 for Jira

austere heath
I'm unable to connect Jira via OAuth2 using a custom auth config. The connection fails during the token exchange step with the following error:

Failed to fetch OAuth2 access token: Request failed with status code 401

This happens both from my application and directly from the Composio dashboard when testing the connection.

Key detail: Confluence works perfectly using the same Atlassian OAuth2 app (same client_id, client_secret, and redirect URIs). Only Jira fails.

What I've verified:

Client credentials are valid -- tested manually with curl POST https://auth.atlassian.com/oauth/token and received invalid_request (expected for a dummy code), NOT invalid_client.

Redirect URIs registered in Atlassian Developer Console include both:

https://backend.composio.dev/api/v1/auth-apps/add
https://backend.composio.dev/api/v3/auth-apps/add

Jira API permissions are configured in the Atlassian app (both classic and granular scopes matching what the Composio auth config requests).

Recreated the Jira auth config in Composio from scratch -- same error.

Confluence auth config with the same Atlassian app credentials works without issues.

Scopes configured in Composio Jira auth config: read:jira-work read:jira-user offline_access read:sprint:jira-software read:board-scope:jira-software read:project:jira read:issue-type-scheme:jira

Scopes configured in Atlassian app (Jira API):
Classic: read:jira-work read:jira-user
Granular: read:issue-type:jira read:issue-type-scheme:jira read:user:jira read:project:jira read:board-scope:jira-software read:issue:jira-software read:sprint:jira-software

Environment: Composio SDK version: composio==0.11.1, composio-langchain==0.11.1

Composio auth config redirect URI: https://backend.composio.dev/api/v1/auth-apps/add

AuthConfig ID ac_VJg_UNnMNhqZ
Connection ID ca_RSVWxnHVrgP6

Additional finding: The connected account details show a version mismatch in Composio's internal URLs. The redirectUrl uses /api/v3/s/... while the callback_url uses /api/v1/auth-apps/add. This suggests a redirect_uri mismatch during the OAuth2 token exchange, which would cause Atlassian to reject it with a 401.

I also opened a ticket in support: T-8451

spring oyster
austere heath
Thanks! I think there is some confusion in the guide. The redirect URLs are different between the one to be set in Atlassian developer and the one in Composio Auth Config creation, right? (v1 vs v3)

additionally, the auth token field is missing from the form

spring oyster
@austere heath, you can configure either the v1 or v3 redirectUri; make sure you are using the same one in both your authConfig and Atlassian OAuth app. Also, the v3 URI that you've shared (https://backend.composio.dev/api/v3/auth-apps/add) is incorrect; could you specify the source? You can use this v3 instead: https://backend.composio.dev/api/v3/toolkits/auth/callback (Docs).

"additionally, the auth token field is missing from the form" — Yes, we've removed this field as it is not necessary.

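Added example (not part of the thread and not Composio's code): a check that the redirect_uri sent in the authorization request, the one sent in the token request, and the URIs registered on the OAuth app agree as exact strings, which is the consistency the reply above asks for and which RFC 6749 section 4.1.3 requires between the two requests. The function names are hypothetical, and the authorization URL, client ID placeholder and v1/v3 combination are constructed for illustration rather than captured from this connection.

```python
from urllib.parse import parse_qs, urlsplit


def redirect_uri_of(authorize_url):
    """Return the decoded redirect_uri parameter of an authorization URL."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("authorization URL must carry exactly one redirect_uri")
    return values[0]


def _loose(uri):
    """Normalise only to hint at near misses; the real comparison stays exact."""
    parts = urlsplit(uri)
    return (parts.scheme.lower(), parts.netloc.lower(), parts.path.rstrip("/"))


def check_redirect_uris(authorize_url, token_redirect_uri, registered):
    """Return a list of findings; an empty list means all three places agree."""
    findings = []
    authz_uri = redirect_uri_of(authorize_url)
    if authz_uri != token_redirect_uri:
        findings.append(f"token request uses {token_redirect_uri!r} but "
                        f"authorization request used {authz_uri!r}")
    for label, uri in (("authorization", authz_uri), ("token", token_redirect_uri)):
        if uri in registered:
            continue
        near = [r for r in registered if _loose(r) == _loose(uri)]
        hint = f" (near miss of {near[0]!r})" if near else ""
        findings.append(f"{label} redirect_uri {uri!r} is not registered{hint}")
    return findings


# Constructed sample, not captured traffic: the two URIs the poster registered,
# an authorization URL carrying the v3 callback from the reply, a v1 token request.
REGISTERED = [
    "https://backend.composio.dev/api/v1/auth-apps/add",
    "https://backend.composio.dev/api/v3/auth-apps/add",
]
V1 = REGISTERED[0]
AUTHORIZE_URL = (
    "https://auth.atlassian.com/authorize?response_type=code"
    "&client_id=CLIENT_ID_PLACEHOLDER&state=xyz"
    "&redirect_uri=https%3A%2F%2Fbackend.composio.dev%2Fapi%2Fv3%2Ftoolkits%2Fauth%2Fcallback"
)

if __name__ == "__main__":
    for finding in check_redirect_uris(AUTHORIZE_URL, V1, REGISTERED):
        print("MISMATCH:", finding)
```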
austere heath