I was using BB Cloud's OAuth implicit grant method in my Electron app for authenticating my app to fetch the details of my repositories.
It stopped working recently.
Reference link for the implicit grant method: https://bitbucket.org/atlassian/bb-cloud-implicit-grant-sample-app/src/master/
I noticed that even if I directly open the login page, it's not working.
------------------------
Any idea why? Has something changed?
Hello @dev_gauravmall ,
Welcome to the Community!
The implicit grant is still one of the supported OAuth2 flows in Bitbucket, as you can check in our API Reference - Authentication documentation.
Your app should redirect the user's browser to the authorization URL:
https://bitbucket.org/site/oauth2/authorize?client_id={client_id}&response_type=token
Where the client_id should be the key of an OAuth consumer created in a Bitbucket workspace.
Once the user interactively grants access to that client id, it will redirect to your callback_url configured in the OAuth consumer, with a fragment containing the access token (#access_token={token}&token_type=bearer) where your page's JS can pull it out of the URL.
In order to test if the token is being correctly returned, you can also try accessing the authorization URL manually in your browser, replacing the client id with its actual value, and after clicking Grant on the authorization page, you should see the token available as a part of the redirect URL.
Let me know in case you have any questions.
Thank you, @dev_gauravmall !
Patrik S
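The flow described in the answer above, as an added example that is not part of the original thread or of Atlassian's sample app: it builds the authorization URL, then extracts the token from the redirect fragment while rejecting redirects to an unexpected target and error responses. The function names, the client id and the `https://example.com/callback` URL are constructed placeholders.

```javascript
// Added example, not code from the thread. All names and sample URLs are assumptions.
const AUTHORIZE_ENDPOINT = "https://bitbucket.org/site/oauth2/authorize";

// Build the authorization URL the user's browser is redirected to.
function buildAuthorizeUrl(clientId) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("response_type", "token");
  return url.toString();
}

// Pull the access token out of the redirect URL's fragment.
// expectedCallback is the callback URL configured on the OAuth consumer.
function parseImplicitRedirect(redirectUrl, expectedCallback) {
  const got = new URL(redirectUrl);
  const want = new URL(expectedCallback);
  // Only accept a fragment that was delivered to the configured callback.
  if (got.origin !== want.origin || got.pathname !== want.pathname) {
    return { ok: false, reason: "unexpected redirect target" };
  }
  const params = new URLSearchParams(got.hash.replace(/^#/, ""));
  // RFC 6749 section 4.2.2.1: a denied or failed request also reports in the fragment.
  if (params.has("error")) {
    return { ok: false, reason: params.get("error") };
  }
  const token = params.get("access_token");
  const type = (params.get("token_type") || "").toLowerCase();
  if (!token || type !== "bearer") {
    return { ok: false, reason: "missing token or unsupported token_type" };
  }
  return { ok: true, accessToken: token, tokenType: type };
}

// In the callback page: drop the fragment so the token does not stay
// in the address bar or in browser history after it has been read.
function clearFragment(win) {
  const { pathname, search } = win.location;
  win.history.replaceState(null, "", pathname + search);
}
```

In a callback page this would be called as `parseImplicitRedirect(window.location.href, CALLBACK_URL)` followed by `clearFragment(window)`.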
Hi @Patrik S ,
Thanks for your reply.
But the problem here is not the implicit grant method as such. It is already working, and the reference link that I mentioned in the original question is also working.
Background on the problem:
My Windows app was built on Electron and was using the same method (which was working flawlessly before Feb'23). We noticed that it stopped working suddenly. It started showing this page in the in-app browser.
Just to elaborate more on the investigation I did:
there is a redirect that happens for authorization when you try to open
https://bitbucket.org/site/oauth2/authorize?client_id={client_id}&response_type=token
it redirects to id.atlassian.com. Something like below
Now this redirection was working before and the loading of the login page was working before, but it stopped suddenly in Feb'23.
My question is: is this no longer supported in in-app browsers? Has any change happened on id.atlassian.com?
I am seeking ways to mitigate it while maintaining the same user experience.
I haven't tried it, but I think the workaround is to navigate the user to the actual browser instead of the in-app browser to authorize (where id.atlassian.com is not restricted and works) and then, via the redirect URL configuration in Bitbucket, return the user back to the app to authenticate the app for further processing.
But is there any way to maintain the same user experience (not navigating the user to an outside browser) by changing any configuration anywhere?
Hope it describes the situation. :-)
Hello @dev_gauravmall ,
Thank you for providing more context about the issue.
Since this is more of a development technical question, I would suggest posting your question in the Atlassian Developer Community, as they will be able to better help you with this topic.
Thank you, @dev_gauravmall !
Patrik S