[BUG] Atlassian MCP OAuth flow broken since 2.1.143 — SSE session lost between authenticate and complete_authentication

Resolved 💬 3 comments Opened May 18, 2026 by tpettepier-oss Closed May 22, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

  • The state parameter gets corrupted with ++ characters during the browser round-trip (e.g., original xedHzXK... becomes xed++HzXK... in the callback)
  • Even when manually correcting the state parameter, the error persists
  • Multiple attempts all fail the same way — the server-side OAuth session is lost between the two calls

What Should Happen?

Expected Behavior

complete_authentication should recognize the in-progress OAuth flow and exchange the authorization code for tokens, as it did in 2.1.142.

Error Messages/Logs

Steps to Reproduce

  1. Have an Atlassian MCP server configured (SSE at https://mcp.atlassian.com/v1/sse)
  2. Call mcp__atlassian__authenticate — returns an auth URL (this works)
  3. Open the URL in a browser, complete the Atlassian consent flow
  4. Browser redirects to http://localhost:<port>/callback?code=...&state=...
  5. Call mcp__atlassian__complete_authentication with the callback URL
  6. Error: "No OAuth flow is in progress for atlassian. Call mcp__atlassian__authenticate first, then retry with the callback URL."

Claude Model

Opus

Is this a regression?

Yes, this worked in a previous version

Last Working Version

2.1.142

Claude Code Version

2.1.143

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

Other

Additional Information

using bash on Windows Server 2022

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗