Skip to Content

3-legged OAuth 2.0 (3LO) prerequisites for the MCP Client connector in Jitterbit Studio

Introduction

These are the prerequisites for authenticating with the MCP Client connector using a 3-legged OAuth 2.0 (3LO) client credential.

Note

Agent version 10.83 / 11.21 or later is required to use 3-legged OAuth 2.0 authentication.

Create and configure an application or integration record

Create and configure an application or integration record on your external MCP server to configure a 3-legged OAuth 2.0 (3LO) client. For example, to use the MCP-supported NetSuite AI Connector Service, you need a configured NetSuite integration record for use with OAuth 2.0.

When requested of you, set the redirect or callback URL to one of the following URLs (depending on your organization's region):

Region URL
APAC https://apps.apac-southeast.jitterbit.com/design-studio/api/v1/oauth/authcode
EMEA https://apps.emea-west.jitterbit.com/design-studio/api/v1/oauth/authcode
NA https://apps.na-east.jitterbit.com/design-studio/api/v1/oauth/authcode

Retain the client ID and client secret required for a valid app registration when complete.

Configure an app registration in the Management Console

  1. Gather the required information:

    • Valid authorization, access token, and refresh token URLs for your external MCP server.
    • Client ID and client secret obtained after application or integration record configuration.
    • (Required for OAuth 2.1 implementations) A self-generated, cryptographically random 43-128 character code verifier string.
    • (Required for OAuth 2.1 implementations) A self-generated 43-128 character code challenge string, which is the SHA-256 hash of the code verifier string.

  2. In the app registration's configuration, enter values for the Name and Description.

  3. Set the app's Client ID to the client ID value obtained after application or integration record configuration.

  4. Set the app's Client Secret to the client secret value obtained after application or integration record configuration.

  5. Enter mcp as the scope.

  6. Set the app's Authentication URL, Access token URL, and Refresh token URL to the URLs required by your external MCP server.

  7. Go to Advanced options.

    In the Authentication request tab, create these key-value pairs under Parameters:

    Key Value Send in
    response_type code Request URL
    code_challenge_method S256 (if applicable) Request URL
    code_challenge Previously generated code challenge value (if applicable) Request URL

  8. In the Token request tab, create these key-value pairs under Parameters:

    Key Value Send in
    grant_type authorization_code Request Body
    code_verifier Previously generated code verifier value (if applicable) Request Body

  9. In the Refresh request tab, create this key-value pair under Parameters:

    Key Value Send in
    grant_type refresh_token Request Body

  10. Do not enable any token policy options.

Once the private application is registered on the App Registrations page, it is available to be selected in the OAuth Application menu in the MCP Client connection when using the Authorization Code Grant authentication option.