This comprehensive guide helps you troubleshoot common app errors.
Pre-requisites
To effectively troubleshoot and fix the issue, you must meet the following prerequisites:
- You should have admin access to your Jira/Confluence instance
- You should have admin access to your Identity provider
Errors you might encounter when using the OAuth SSO app:
MO_OAUTH_ERROR_00001
| Error |
The JWT token either expired or has an invalid signature.
|
| Description/Causes |
The JWT token either expired or has an invalid signature.
|
| Solution |
Please check the configured public key or certificate, the JWT token sent in the
request, and also check whether the token has expired.
|
MO_OAUTH_ERROR_00002
| Error |
The issuer in the token does not match the configured issuer.
|
| Description/Causes |
The token was issued by one identity provider, but your system is configured to trust a
different one.
|
| Solution |
Verify whether the 'Issuer' value in your provider matches the one configured in the
Response Validation section of Advanced Settings in the app.
|
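To tell MO_OAUTH_ERROR_00001 (expired token) apart from MO_OAUTH_ERROR_00002 (issuer mismatch), decode the token's header and claims and compare them with the configured values. The script below is an added example, not code from the app; it does not verify the signature, and the sample token, issuer URLs and function names are constructed for illustration.

```python
import base64
import json
import time


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def triage_jwt(token, configured_issuer, now=None):
    """List reasons a JWT would be rejected. Does NOT verify the signature."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWT: expected 3 dot-separated segments"]
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    findings = []
    exp = claims.get("exp")
    if exp is None:
        findings.append("no exp claim")
    elif exp <= now:
        findings.append(f"expired {int(now - exp)}s ago")
    # OpenID Connect compares issuers as exact strings, so a trailing
    # slash or an http/https difference is enough to fail the check.
    iss = claims.get("iss")
    if iss != configured_issuer:
        findings.append(f"issuer mismatch: token={iss!r} configured={configured_issuer!r}")
    if str(header.get("alg", "none")).lower() == "none":
        findings.append("alg is none: the token carries no signature")
    if "kid" not in header:
        findings.append("no kid in header: token cannot be matched to a JWKS key by id")
    return findings


def sample_segment(obj):
    """Encode a dict as an unpadded base64url segment (constructed data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token; the third segment is a dummy, not a real signature.
SAMPLE_TOKEN = ".".join([
    sample_segment({"alg": "RS256", "kid": "key-1"}),
    sample_segment({"iss": "https://idp.example.com/", "exp": 1700000000}),
    "ZHVtbXk",
])

if __name__ == "__main__":
    for finding in triage_jwt(SAMPLE_TOKEN, "https://idp.example.com", now=1700000060):
        print(finding)
```

An empty result means the claims look consistent, so the remaining suspects are the configured public key or certificate and the JWKS endpoint.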
MO_OAUTH_ERROR_00003
| Error |
SSO failed because no existing account was found in the user list.
|
| Description/Causes |
SSO failed because no existing account was found in the user list, and automatic user
creation is disabled.
|
| Solution |
Enable “Allow user creation” in the Advanced Settings of the app or manually
create the user account.
|
MO_OAUTH_ERROR_00004
| Error |
Multiple Jira users have the same email address. Cannot proceed with login.
|
| Description/Causes |
More than one user in the application has the same email address.
|
| Solution |
Please merge or differentiate the accounts to ensure a unique identity.
|
MO_OAUTH_ERROR_00005
| Error |
The token signature could not be validated.
|
| Description/Causes |
The system could not verify the validity of the token signature.
|
| Solution |
Please verify your JWKS endpoint or check your network settings.
|
MO_OAUTH_ERROR_00006
| Error |
Invalid client credentials. Check Client ID and Secret.
|
| Description/Causes |
Invalid client credentials. Check Client ID and Secret.
|
| Solution |
Please confirm that the Client ID and Secret match those provided by your Identity
Provider.
|
MO_OAUTH_ERROR_00007
| Error |
Invalid or unreachable authorization/token endpoint.
|
| Description/Causes |
Invalid or unreachable authorization/token endpoint.
|
| Solution |
- Please ensure all app and IDP configurations are correct.
- Review the IDP-side error logs for more information.
- If you're using a non-default endpoint, configure it through the Custom Provider
option.
- Please ensure that there is proper connectivity between Jira and the OAuth
provider and that no firewalls, proxy configurations, or network restrictions
are blocking the communication.
- If you're using Azure AD as the provider, verify that the correct Tenant ID is
configured.
|
MO_OAUTH_ERROR_00008
| Error |
Error validating the Signature or Issuer in the Response.
|
| Description/Causes |
Error validating the Signature or Issuer in the Response.
|
| Solution |
Please check if the configured public key is correct.
|
MO_OAUTH_ERROR_00009
| Error |
The configured scopes are invalid or not permitted.
|
| Description/Causes |
The configured scopes are invalid or not permitted.
|
| Solution |
Make sure the scopes are spelled correctly, allowed for the client application by the
provider, and separated by the right delimiters. Check your IdP documentation for more
details.
|
MO_OAUTH_ERROR_00010
| Error |
Invalid or missing state parameter.
|
| Description/Causes |
Invalid or missing state parameter.
|
| Solution |
Please verify that the state parameter value received is correct and not mismatched.
You can check the network logs for the request and response to identify where the
mismatch occurred.
If the issue persists, please share the relevant logs when raising a support ticket.
|
MO_OAUTH_ERROR_00011
| Error |
Invalid or reused nonce value.
|
| Description/Causes |
Invalid or reused nonce value.
|
| Solution |
Please verify that the nonce value received is correct and not reused.
You can check the network logs for the request and response to identify where the
mismatch occurred.
If the issue persists, please share the relevant logs when raising a support ticket.
|
MO_OAUTH_ERROR_00012
| Error |
This user does not have permission to access the application.
|
| Description/Causes |
The user trying to perform SSO does not have access to the application.
|
| Solution |
- Verify that the user is added to a group with access to this application
(Jira/Confluence).
- Additionally, cross-check that the default groups have been correctly assigned
to the user. You can review the User/Groups configuration within the app to
ensure it's set up properly.
|
MO_OAUTH_ERROR_00013
| Error |
Sign-in failed. Please check your app configuration.
|
| Description/Causes |
This error occurs when there are issues with the app configuration.
|
| Solution |
- Check the Identity Provider configuration, client credentials, and endpoint URLs
in the app settings.
- Ensure that the client secret has not expired and that all configured URL
endpoints are reachable.
|
MO_OAUTH_ERROR_00014
| Error |
Missing or invalid PKCE code challenge.
|
| Description/Causes |
Missing or invalid PKCE code challenge.
|
| Solution |
PKCE challenge is missing or invalid. If your IdP enforces PKCE, enable it in the
app’s advanced settings.
|
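For MO_OAUTH_ERROR_00010, MO_OAUTH_ERROR_00011 and MO_OAUTH_ERROR_00014, the network-log check comes down to comparing what the authorization request sent with what came back. The script below is an added example, not code from the app; the URLs, parameter values and ID token are constructed, and it assumes you have copied the authorization request URL, the callback URL and (optionally) the ID token from your own logs.

```python
import base64
import json
from urllib.parse import parse_qs, urlsplit


def query_param(url, name):
    """First value of a query parameter, or None if it is absent."""
    return parse_qs(urlsplit(url).query).get(name, [None])[0]


def unverified_claims(id_token):
    """Decode the payload segment of a compact JWT without verifying it."""
    seg = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def check_flow(auth_url, callback_url, id_token=None):
    """Compare what the authorization request sent with what came back."""
    findings = []
    sent, received = query_param(auth_url, "state"), query_param(callback_url, "state")
    if sent is None or sent != received:
        findings.append(f"state mismatch: sent={sent!r} received={received!r}")
    if id_token is not None:
        sent_nonce = query_param(auth_url, "nonce")
        got_nonce = unverified_claims(id_token).get("nonce")
        if sent_nonce != got_nonce:
            findings.append(f"nonce mismatch: sent={sent_nonce!r} token={got_nonce!r}")
    if query_param(auth_url, "code_challenge") is None:
        findings.append("no code_challenge in request: PKCE was not used")
    elif query_param(auth_url, "code_challenge_method") != "S256":
        # RFC 7636: an absent method means "plain"; an IdP may require S256.
        findings.append("code_challenge_method is not S256")
    return findings


# Constructed sample captures (hypothetical hosts and values).
AUTH_URL = ("https://idp.example.com/authorize?response_type=code&client_id=jira"
            "&state=abc123&nonce=n-111")
CALLBACK_URL = "https://jira.example.com/callback?code=xyz&state=abc124"
ID_TOKEN = ("e30." + base64.urlsafe_b64encode(b'{"nonce":"n-222"}').decode().rstrip("=")
            + ".sig")

if __name__ == "__main__":
    for finding in check_flow(AUTH_URL, CALLBACK_URL, ID_TOKEN):
        print(finding)
```

A single flow can only show a mismatch; detecting a reused nonce requires comparing the value across several captured logins.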
MO_OAUTH_ERROR_00015
| Error |
The app license is missing or invalid.
|
| Description/Causes |
The app license is missing or invalid.
|
| Solution |
Please check if you have configured a valid license for the app.
|
MO_OAUTH_ERROR_00016
| Error |
No access/id token found in the response.
|
| Description/Causes |
The app asked your IdP for a token, but didn’t get one back — either the access token,
the ID token, or both.
|
| Solution |
No access or ID token was found in the response from the provider. Please verify that
the required tokens are being returned as expected.
|
MO_OAUTH_ERROR_00017
| Error |
Application not found. Please verify the configuration.
|
| Description/Causes |
Application not found. Please verify the configuration.
|
| Solution |
Please check your app configuration.
|
MO_OAUTH_ERROR_00018
| Error |
This user is deactivated. Can't create user session.
|
| Description/Causes |
This user is deactivated. Can't create user session.
|
| Solution |
- The user is deactivated in the directory. Please reactivate the user.
- If you want to activate users on SSO, check the auto-activate on SSO feature in
Global SSO Settings.
|
MO_OAUTH_ERROR_00019
| Error |
Invalid SSO Request, Could not create User Session
|
| Description/Causes |
Invalid SSO Request, Could not create User Session
|
| Solution |
Please contact the administrator.
|
MO_OAUTH_ERROR_00020
| Error |
User profile mapping error. Please review your attribute settings.
|
| Description/Causes |
User profile mapping error. Please review your attribute settings.
|
| Solution |
Attributes are case-sensitive. Please check the user profile mapping in the app
configuration.
|
MO_OAUTH_ERROR_00021
| Error |
No public key/certificate is configured to validate the token.
|
| Description/Causes |
No public key/certificate is configured to validate the token.
|
| Solution |
No public key/certificate is configured to validate the token. Please check the app
configuration.
|
MO_OAUTH_ERROR_00022
| Error |
JWT Authentication is currently disabled in the app.
|
| Description/Causes |
JWT Authentication is currently disabled in the app.
|
| Solution |
JWT Authentication is currently disabled in the app. Please check the app
configuration.
|
MO_OAUTH_ERROR_00023
| Error |
No OAUTH/OIDC provider is enabled
|
| Description/Causes |
No OAUTH/OIDC provider is enabled
|
| Solution |
No OAUTH/OIDC provider is enabled. Please check the app configuration.
|
MO_OAUTH_ERROR_00024
| Error |
The user is not allowed to log into the application.
|
| Description/Causes |
The user’s email domain is not in the allowed list.
|
| Solution |
Add the domain to the app’s Domain Allowlist settings.
|
MO_OAUTH_ERROR_00025
| Error |
SSO failed because no existing account was found in the user list.
|
| Description/Causes |
User creation failed due to missing group mapping.
|
| Solution |
Check if the SSO user has groups mapped in the app.
|
MO_OAUTH_ERROR_00026
| Error |
SSO failed because no existing account was found in the user list.
|
| Description/Causes |
The app is unable to create a new user in the external directory.
|
| Solution |
Check directory permissions or sync settings.
|