OpenMaskit / connect / jira

Jira · BYO OAuth

Get a Client ID and Client Secret for Jira.

Atlassian doesn't hand out OAuth credentials for a personal account directly — you register a small OAuth 2.0 integration in the Atlassian developer console and use its credentials. This takes about two minutes. The credentials never leave your machine.

  1. Open the Atlassian developer console

    Head over to developer.atlassian.com/console/myapps/ and sign in with the Atlassian account you want the integration to belong to.

  2. Create a new OAuth 2.0 integration

    In the top-left corner, pick the workspace (development space) you'd like the integration to live in. Then click Create on the right and choose OAuth 2.0 integration from the menu.

    Atlassian developer console with the 'Create' menu open and 'OAuth 2.0 integration' highlighted.
    Pick "OAuth 2.0 integration" — not the other app types.
  3. Name your integration

    Give it any name you'd like (e.g. MyOpenMaskit) and confirm. Atlassian creates the integration and drops you back on its detail page inside the developer console.

  4. Configure the OAuth callback URL

    In the left sidebar, open Authorization. You'll see a row labeled OAuth 2.0 (3LO). Click Configure on the right (or Add if you haven't set it up before).

    Atlassian developer console Authorization page with the OAuth 2.0 (3LO) row and its Configure button highlighted.
    The OAuth 2.0 (3LO) row is the one OpenMaskit's flow uses.

    In the Callback URL field, paste:

    http://localhost:9473/oauth/callback/jira

    Then click Save changes. The URL must match exactly — the OpenMaskit dashboard receives the OAuth callback at this path. The install modal also displays this URL for you to copy.

    Atlassian Authorization configuration screen with the Callback URL field populated with the OpenMaskit callback URL.
    Paste the callback URL exactly as shown — port and path both matter.
  5. Add the API permissions

    In the left sidebar, open Permissions. For the Jira MCP server you'll want to add the Jira API, the Confluence API, and the User identity API. For each one, click Add, then Configure, and tick the scopes you want to grant.

    Atlassian developer console Permissions page with Jira API and Confluence API rows and their scope checkboxes.
    Without at least one scope here, the OAuth flow completes but no tools are usable.
  6. Copy the Client ID and Client Secret

    In the left sidebar, open Settings. Scroll to Authentication details — that's where your Client ID and Secret live (click the eye icon to reveal the secret).

    Atlassian developer console Settings page showing the Authentication details section with Client ID and Secret fields.
    These two values are everything OpenMaskit needs to authorize your Atlassian account.
  7. Paste them into OpenMaskit

    Back in the OpenMaskit dashboard, install Jira from the marketplace, paste the Client ID and Client Secret into the install modal, and authorize. Atlassian will prompt you to grant access to the sites you choose — accept, and you're connected.

That's it.

Your Client ID and Client Secret live in your OpenMaskit store directory, encrypted at rest. You can revoke the integration at any time from the Atlassian developer console, or hit Re-authorize on the OpenMaskit server card to start a fresh OAuth round-trip.