[BUG] Atlassian MCP OAuth flow broken since 2.1.143 — SSE session lost between authenticate and complete_authentication
Resolved 💬 3 comments Opened May 18, 2026 by tpettepier-oss Closed May 22, 2026
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
- The state parameter gets corrupted with ++ characters during the browser round-trip (e.g., original xedHzXK... becomes xed++HzXK... in the callback)
- Even when manually correcting the state parameter, the error persists
- Multiple attempts all fail the same way — the server-side OAuth session is lost between the two calls
What Should Happen?
Expected Behavior
complete_authentication should recognize the in-progress OAuth flow and exchange the authorization code for tokens, as it did in 2.1.142.
Error Messages/Logs
Steps to Reproduce
- Have an Atlassian MCP server configured (SSE at https://mcp.atlassian.com/v1/sse)
- Call mcp__atlassian__authenticate — returns an auth URL (this works)
- Open the URL in a browser, complete the Atlassian consent flow
- Browser redirects to http://localhost:<port>/callback?code=...&state=...
- Call mcp__atlassian__complete_authentication with the callback URL
- Error: "No OAuth flow is in progress for atlassian. Call mcp__atlassian__authenticate first, then retry with the callback URL."
Claude Model
Opus
Is this a regression?
Yes, this worked in a previous version
Last Working Version
2.1.142
Claude Code Version
2.1.143
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
Other
Additional Information
using bash on Windows Server 2022
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗