This comprehensive guide to help you troubleshoot common plugin errors –
Following are some common errors that you might see while using the OAuth SSO
plugin:
MO_OAUTH_ERROR_00001
| Error |
The JWT token either expired or has an invalid signature.
|
| Description/Causes |
The JWT token either expired or has an invalid signature.
|
| Solution |
Please check the configured public key or certificate, the JWT token sent in the request, and also check whether the token has expired.
|
MO_OAUTH_ERROR_00002
| Error |
The issuer in the token does not match the configured issuer.
|
| Description/Causes |
The token was issued by one identity provider, but your system is configured to trust a different one.
|
| Solution |
Verify whether the 'Issuer' value in your provider matches the one configured in the Response Validation section of Advanced Settings in the plugin.
|
MO_OAUTH_ERROR_00003
| Error |
SSO failed because no existing account was found in the user list.
|
| Description/Causes |
SSO failed because no existing account was found in the user list, and automatic user creation is disabled.
|
| Solution |
Enable “Allow user creation” in the Advanced Settings of the plugin or manually create the user account.
|
MO_OAUTH_ERROR_00004
| Error |
Multiple Jira users have the same email address. Cannot proceed with login.
|
| Description/Causes |
More than one user in the application has the same email address.
|
| Solution |
Please merge or differentiate the accounts to ensure a unique identity.
|
MO_OAUTH_ERROR_00005
| Error |
The token signature could not be validated.
|
| Description/Causes |
The system could not verify the validity of the token signature.
|
| Solution |
Please verify your JWKS endpoint or check your network settings.
|
MO_OAUTH_ERROR_00006
| Error |
Invalid client credentials. Check Client ID and Secret.
|
| Description/Causes |
Invalid client credentials. Check Client ID and Secret.
|
| Solution |
Please confirm that the Client ID and Secret match those provided by your Identity Provider.
|
MO_OAUTH_ERROR_00007
| Error |
Invalid or unreachable authorization/token endpoint.
|
| Description/Causes |
Invalid or unreachable authorization/token endpoint.
|
| Solution |
- Please ensure all plugin and IDP configurations are correct.
- Review the IDP-side error logs for more information.
- If you're using a non-default endpoint, configure it through the Custom Provider option.
- Please ensure that there is proper connectivity between Jira and the OAuth provider and that no firewalls, proxy configurations, or network restrictions are blocking the communication.
- If you're using Azure AD as the provider, verify that the correct Tenant ID is configured.
|
MO_OAUTH_ERROR_00008
| Error |
Error validating the Signature or Issuer in the Response.
|
| Description/Causes |
Error validating the Signature or Issuer in the Response.
|
| Solution |
Please check if the configured public key is correct
|
MO_OAUTH_ERROR_00009
| Error |
The configured scopes are invalid or not permitted.
|
| Description/Causes |
The configured scopes are invalid or not permitted.
|
| Solution |
Make sure the scopes are spelled correctly, allowed for the client application by the provider, and separated by the right delimiters. Check your IdP documentation for more details.
|
MO_OAUTH_ERROR_00010
| Error |
Invalid or missing state parameter.
|
| Description/Causes |
Invalid or missing state parameter.
|
| Solution |
Please verify that the state parameter value received is correct and not mismatched.
You can check the network logs for the request and response to identify where the mismatch occurred.
If the issue persists, please share the relevant logs when raising a support ticket.
|
MO_OAUTH_ERROR_00011
| Error |
Invalid or reused nonce value.
|
| Description/Causes |
Invalid or reused nonce value.
|
| Solution |
Please verify that the nonce value received is correct and not reused.
You can check the network logs for the request and response to identify where the mismatch occurred.
If the issue persists, please share the relevant logs when raising a support ticket.
|
MO_OAUTH_ERROR_00012
| Error |
This user does not have permission to access the application.
|
| Description/Causes |
The user trying to perform SSO does not have access to the application
|
| Solution |
- Verify that the user is added to a group with access to this application (Jira/Confluence).
- Additionally, cross-check that the default groups have been correctly assigned to the user. You can review the User/Groups configuration within the plugin to ensure it's set up properly.
|
MO_OAUTH_ERROR_00013
| Error |
Sign-in failed. Please check your plugin configuration.
|
| Description/Causes |
This error occurs when there are issues with the configurations
|
| Solution |
- Check the Identity Provider configuration, client credentials, and endpoint URLs in the plugin settings.
- Ensure that the client secret has not expired and that all configured URL endpoints are reachable.
|
MO_OAUTH_ERROR_00014
| Error |
Missing or invalid PKCE code challenge.
|
| Description/Causes |
Missing or invalid PKCE code challenge.
|
| Solution |
PKCE challenge is missing or invalid. If your IdP enforces PKCE, enable it in the plugin’s advanced settings.
|
MO_OAUTH_ERROR_00015
| Error |
The plugin license is missing or invalid.
|
| Description/Causes |
The plugin license is missing or invalid.
|
| Solution |
Please check if you have configured a valid license for the plugin.
|
MO_OAUTH_ERROR_00016
| Error |
No access/id token found in the response.
|
| Description/Causes |
The app asked your IdP for a token, but didn’t get one back — either the access token, the ID token, or both.
|
| Solution |
No access or ID token was found in the response from the provider. Please verify that the required tokens are being returned as expected.
|
MO_OAUTH_ERROR_00017
| Error |
Application not found. Please verify the configuration.
|
| Description/Causes |
Application not found. Please verify the configuration.
|
| Solution |
Please check your plugin configuration.
|
MO_OAUTH_ERROR_00018
| Error |
This user is deactivated. Can't create user session.
|
| Description/Causes |
This user is deactivated. Can't create user session.
|
| Solution |
- The user is deactivated in the directory. Please reactivate the user.
- If you want to activate users on SSO, check the auto-activate on SSO feature in Global SSO Settings
|
MO_OAUTH_ERROR_00019
| Error |
Invalid SSO Request, Could not create User Session
|
| Description/Causes |
Invalid SSO Request, Could not create User Session
|
| Solution |
Please contact the administrator
|
MO_OAUTH_ERROR_00020
| Error |
User profile mapping error. Please review your attribute settings.
|
| Description/Causes |
User profile mapping error. Please review your attribute settings.
|
| Solution |
Attributes are case-sensitive. Please check the user profile mapping in the plugin configuration.
|
MO_OAUTH_ERROR_00021
| Error |
No public key/certificate is configured to validate the token.
|
| Description/Causes |
No public key/certificate is configured to validate the token.
|
| Solution |
No public key/certificate is configured to validate the token. Please check the plugin configuration.
|
MO_OAUTH_ERROR_00022
| Error |
JWT Authentication is currently disabled in the plugin.
|
| Description/Causes |
JWT Authentication is currently disabled in the plugin.
|
| Solution |
JWT Authentication is currently disabled in the plugin. Please check the plugin configuration.
|
MO_OAUTH_ERROR_00023
| Error |
No OAUTH/OIDC provider is enabled
|
| Description/Causes |
No OAUTH/OIDC provider is enabled
|
| Solution |
No OAUTH/OIDC provider is enabled. Please check the plugin configuration
|
MO_OAUTH_ERROR_00024
| Error |
The user is not allowed to log into the application.
|
| Description/Causes |
The user’s email domain is not in the allowed list.
|
| Solution |
Add the domain to the plugin’s Domain Allowlist settings.
|
MO_OAUTH_ERROR_00024
| Error |
The user is not allowed to log into the application.
|
| Description/Causes |
The user’s email domain is not in the allowed list.
|
| Solution |
Add the domain to the plugin’s Domain Allowlist settings.
|
MO_OAUTH_ERROR_00025
| Error |
SSO failed because no existing account was found in the user list.
|
| Description/Causes |
User creation failed due to missing group mapping.
|
| Solution |
Check if the SSO user has groups mapped in the plugin.
|
MO_OAUTH_ERROR_00026
| Error |
SSO failed because no existing account was found in the user list.
|
| Description/Causes |
The plugin is unable to create a new user in the external directory.
|
| Solution |
Check directory permissions or sync settings.
|
MO_OAUTH_ERROR_00027
| Error |
Invalid or unreachable user info endpoint.
|
| Description/Causes |
Invalid or unreachable user info endpoint.
|
| Solution |
Please check if the configured user info endpoint is correct.
|
If you’re feeling stuck, please reach out to us at support-atlassian@miniorange.atlassian.net or
raise a support ticket here for assistance. We’re here to help!
