OAuth plugin errors: troubleshooting and solutions


This comprehensive guide to help you troubleshoot common plugin errors –

Prerequisites

    To effectively troubleshoot and fix the issue you must meet the following prerequisites:


    • You should have admin access to your Jira/Confluence instance
    • You should have admin access to your Identity provider

    Following are some common errors that you might see while using the OAuth SSO plugin:

MO_OAUTH_ERROR_00001

Error Either Signature of the JWT Token could not be verified or the Token has expired
Description/Causes

There was an issue while validating the token, it can be due to multiple reasons -

  • Signature verification failed using the configured public key/certificate
  • The token has expired
Solution
  • Check if the public key/certificate is configured properly
  • Check if the token being used is valid and not expired

MO_OAUTH_ERROR_00002

Error Invalid issue in the response
Description/Causes Invalid issue in the response from IDP
Solution Please check the configured issuer in the plugin

MO_OAUTH_ERROR_00003

Error New users are unable to login - Custom SSO failed because either the user account could not be found or you are not authorised to access Application
Description/Causes SSO failed because either the user account could not be found or you are not authorized to access Jira.
Solution

Check if the user trying to access exists in the Jira/Confluence and has the required app permissions

  • To allow the creation of users
    • -  You can go to the Advanced setting tab of the IDP in the plugin and enable the “Allow user creation” → In this case if a user trying to perform SSO is not found, the plugin will create the user.

  • To not allow the creation of users
    • -   Try accessing with an account that has a user in Jira/Confluence

MO_OAUTH_ERROR_00004

Error Multiple users found with same email
Description/Causes Users are supposed to log in using email, but there are multiple users with the same email present in Jira/Confluence
Solution To use the “login user account by” – email in User profile mapping, please ensure all users have unique email

MO_OAUTH_ERROR_00005

Error Application user not found
Description/Causes Application user not found
Solution
  • An existing user was not found
  • Error while creating a new user

MO_OAUTH_ERROR_00006

Error The client is not valid. Please check the credentials
Description/Causes Invalid client credentials configured
Solution Please check if the configured details are valid

MO_OAUTH_ERROR_00007

Error Error with the AccessTokenEndpoint
Description/Causes Probably the AccessTokenEndpoint configured is returning some error from IDP
Solution
  • Check for the error logs on the IDP end
    • - If pkce_missing_challenge – You can go to the Advanced setting tab of the IDP in the plugin and enable the “Enable PKCE”

  • If there are no error logs on the IDP end, check if the Access Token is configured properly
    • - If you are using a supported IDP but want to change the access token endpoint, you can use the custom provider option to configure the same

  • Ensure that IDP and Jira/Confluence can communicate without any interference

MO_OAUTH_ERROR_00008

Error Error validating the Signature or Issuer in the Response
Description/Causes Invalid token received
Solution Please check that the token received is valid and from the configured IDP

MO_OAUTH_ERROR_00009

Error Error with the Scope Configuration
Description/Causes Invalid scope configured
Solution Please check if the Scope you have entered is correct

MO_OAUTH_ERROR_00010

Error Error with the configured state parameter
Description/Causes State parameter validation failed, invalid State Parameter
Solution Verify that the state parameter is properly passed between IDP and the plugin

MO_OAUTH_ERROR_00011

Error Error with the configured nonce value
Description/Causes Nonce validation failed
Solution Verify nonce handling between IDP and the plugin

MO_OAUTH_ERROR_00012

Error The user is not allowed to log into the application.
Description/Causes The user trying to perform SSO does not have access to the application
Solution
  • Check if the user trying to access the has the application access–that is added to groups having application access
  • Check if the domain is allowed in the “Sign-In settings” tab

MO_OAUTH_ERROR_00013

Error Can't sign in please check the plugin configuration.
Description/Causes It is thrown when there are issues in configurations
Solution Please check if the configured endpoints are correct.

MO_OAUTH_ERROR_00014

Error Error with the User Info response
Description/Causes Invalid User info endpoint
Solution Please check if the User Info Endpoint is correctly configured

MO_OAUTH_ERROR_00015

Error No License Found
Description/Causes No license found configured for the plugin
Solution Please add a valid license in the “Manage Apps” section

MO_OAUTH_ERROR_00016

Error No Configuration Found
Description/Causes Error while fetching configurations from file for backup and restore
Solution Please check if the uploaded file contains relevant data

MO_OAUTH_ERROR_00017

Error Can't find application
Description/Causes Unable to find IDP specific details in the configuration
Solution Please check your plugin configuration

MO_OAUTH_ERROR_00018

Error The user is deactivated. Can't create a user session, redirecting to the login page.
Description/Causes The user trying to access the application is deactivated, and auto-activation of users is disabled.
Solution
  • To enable auto-activation go to “Global SSO Settings” and enable “Auto Activate Users on SSO”
  • If you want to activate a specific user, you can do it from the “user” section of the administrator panel

MO_OAUTH_ERROR_00019

Error Invalid SSO Request, Could not create User Session
Description/Causes Mismatch or missing parameter while trying to authenticate using JWT
Solution Check if the required parameters like jwtToken and providerId are added properly – they are case-sensitive

MO_OAUTH_ERROR_00020

Error Error with User Profile Mapping made inside the Plugin
Description/Causes Error with attributes configured in user profile
Solution Attributes are case-sensitive, check if the correct attributes are configured in the user profile section in the plugin

MO_OAUTH_ERROR_00021

Error Public Key/Certificate Not Configured To Verify JWT Token
Description/Causes Public Key/Certificate Not Configured To Verify JWT Token
Solution Check if public key/certificate is configured in the JWT App

MO_OAUTH_ERROR_00022

Error JWT Authentication is disabled
Description/Causes
  • You do not have a JWT application configured
  • You have disabled the Jira SSO using the JWT Application
Solution
  • Check if you have a JWT application configured in the “Configured Providers” tab
  • Check if the toggle for Jira or JSM SSO is enabled to allow authentication using JWT

If you’re feeling stuck, please reach out to us at support-atlassian@miniorange.atlassian.net or raise a support ticket here for assistance. We’re here to help!