Skip to Content

Jira 3-legged OAuth 2.0 prerequisites


This page covers the prerequisites and steps for configuring the Jira connector to use 3-legged OAuth 2.0 (3LO) authentication with a private application configured in the Management Console App Registrations page.

Private applications are 3-legged OAuth applications that you configure for the Jira instance and then register in the Management Console App Registrations page with these values from the 3-legged OAuth application:

  • Client ID and client secret
  • Scopes
  • Authorization URL
  • Access token URL
  • Refresh token URL


When using the cloud application (Jitterbit App), an app registration is not required.

Configure the Jira OAuth application

Prior to registering an OAuth application in the Management Console App Registrations, you must create the OAuth application for the Jira instance.

For information on configuring a 3-legged OAuth application, see the following documentation (depending on your instance type):

Callback URL

When configuring your OAuth application in Jira, ensure the Callback URL is set to one of the following URLs (depending on your organization's region):

Region URL


At a minimum, these roles must be assigned to the OAuth application to allow access to all connector activities:

  • manage:jira-configuration
  • read:jira-user
  • read:jira-work
  • read:permission:jira
  • write:jira-work

In addition to the above roles, Jira Server and Jira Data Center instances require the offline_access role.


These are the instructions for obtaining the required values for the app registration:

  1. Configure a 3-legged OAuth application for the Jira instance.

  2. Navigate to your 3LO application in the Jira Developer Console's My Apps page.

  3. To obtain the app registration's Client ID and Client Secret, navigate to Authentication Details in Settings and obtain the Client ID and Secret values.

  4. To obtain the app registration's Scope, navigate to the Permissions page and obtain the scopes used for the application. In the app registration's configuration, enter each of the 3LO application's scopes in its code format, for example, read:me.

  5. To obtain the app registration's Authentication URL, navigate to User identity API authorization URL from the Authorization page under Authorization URL generator.

  6. Set the app registration's Access token URL as

  7. Set the app registration's Refresh token URL as

Once the 3-legged OAuth application is registered on the App Registrations page it is available to be selected in the OAuth Application menu under Private Applications in the Jira connection.