OAuth error oauth_problem=consumer_key_unknown

Problem

When creating an application link, or using functionality that uses an application link, the applications aren't able to authenticate to each other.

The following appears in the application log:

oauth_problem=consumer_key_unknown

Diagnosis

Environment

  • Two applications are connected together using Application Links
  • The authentication method used is OAuth

Diagnostic Steps

  1. The error happens intermittently. Recreating Application Links from both servers still does not fix it
    OR
  2. Missing Application Link from one server

Cause

  1. There are duplicate data in the database causing it to use different Consumer key
    OR
  2. The Application Link is only configured in one direction. For example, Confluence is linked to JIRA; but JIRA does not have a reciprocal link to Confluence. This can be caused by a misconfigured network where one application server cannot reach the other over the connector port.

Resolution

  1. Delete the duplicate data in the database

    1. Shutdown the application

    2. Backup database for rollback purposes
    3. Search for duplicate data 

      SELECT * FROM BANDANA WHERE bandanakey = 'com.atlassian.oauth.consumer.ConsumerService:host.__HOST_SERVICE__';
    4. Delete the duplicate row, so that it will only have one result
    5. Restart the application
  2. Recreate the Application Link in both servers

    1. If your applications use a reverse proxy, ensure they have been configured correctly for use with the reverse proxy.

    2. Once the applications have been configured, delete and recreate the Application Link.

    3. Alternatively, ensure the reverse proxy has been bypassed for use in an unproxied Application Link.

  3. Ensure there's proper bi-directional communication between both of the applications. Try to hit the endpoint to retrieve the manifest file from one server to the other. If this does not work, adjust firewall/ports/AWS security groups as needed for proper communication. 

    curl -H "Accept: application/json" http://HOST/ContextPath/rest/applinks/1.0/manifest -v

DescriptionWhen creating an application link, or using functionality that uses an application link, the applications aren't able to authenticate to each other.
ProductJira, Confluence, Bamboo, Bitbucket, Fisheye
PlatformServer
Last modified on Nov 16, 2023

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.