
BB Cloud OAuth implicit grant method stopped working in Electron app

dev_gauravmall
February 28, 2023

I was using BB Cloud's OAuth implicit grant method in my Electron app for authenticating my app to fetch the details of my repositories.

It stopped working recently.

Reference link of implicit grant method https://bitbucket.org/atlassian/bb-cloud-implicit-grant-sample-app/src/master/

I noticed that even if I directly open the login page, it's not working.

---------------------------------
Here is the code example:
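const { remote } = require('electron'); // BrowserWindow is reached through the remote module here
// Hidden, sandboxed in-app window that loads the Atlassian login page
let win = new remote.BrowserWindow({ width: 800, height: 600, show: false, webPreferences: { sandbox: true } });
win.loadURL('https://id.atlassian.com/login'); // this is not working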

------------------------


Any idea why? Has something changed?

 

1 answer

0 votes
Patrik S
Atlassian Team
March 2, 2023

Hello @dev_gauravmall ,

Welcome to the Community!

The implicit grant is still one of the supported OAuth2 flows in Bitbucket, as you can check in our API Reference - Authentication documentation.

Your app should redirect the user's browser to the authorization URL:

https://bitbucket.org/site/oauth2/authorize?client_id={client_id}&response_type=token

Where the client_id should be the key of an OAuth consumer created in a Bitbucket workspace.

Once the user interactively grants access to that client id, it will redirect to your callback_url configured in the OAuth consumer, with a fragment containing the access token (#access_token={token}&token_type=bearer) where your page's JS can pull it out of the URL.

In order to test if the token is being correctly returned, you can also try accessing the authorization URL manually in your browser, replacing the client id with its actual value, and once you click Grant on the authorization page, you should see the token available as a part of the redirect URL.

Let me know in case you have any questions.

Thank you, @dev_gauravmall !

Patrik S
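
The flow described in the answer above, as an added example that is not part of the original post and is not Atlassian's code: it builds the authorization URL and pulls the token out of the redirect fragment, accepting it only when the redirect targets the configured callback. The function names, the callback URL and the sample token are constructed assumptions; the `error` parameter check follows RFC 6749 and is assumed to apply here.

```javascript
// Added example. Endpoint and fragment format are taken from the answer;
// CALLBACK_URL and the sample token are constructed placeholders.
const AUTHORIZE_ENDPOINT = 'https://bitbucket.org/site/oauth2/authorize';
const CALLBACK_URL = 'https://app.example.invalid/oauth/callback';

// Build the URL the user's browser is sent to for the implicit grant.
function buildAuthorizeUrl(clientId) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('response_type', 'token');
  return url.toString();
}

// Inspect a redirect and return the token only if it is trustworthy:
// the redirect must land on the callback configured in the OAuth consumer,
// and the fragment must carry a bearer token rather than an error.
function parseImplicitCallback(redirectUrl, expectedCallback) {
  const got = new URL(redirectUrl);
  const want = new URL(expectedCallback);
  if (got.origin !== want.origin || got.pathname !== want.pathname) {
    // Covers intermediate hops such as the id.atlassian.com login page.
    return { ok: false, reason: 'unexpected redirect target' };
  }
  // The token travels in the fragment, which is never sent to the server.
  const params = new URLSearchParams(got.hash.replace(/^#/, ''));
  if (params.has('error')) {
    return { ok: false, reason: 'authorization error: ' + params.get('error') };
  }
  const token = params.get('access_token');
  const type = (params.get('token_type') || '').toLowerCase();
  if (!token || type !== 'bearer') {
    return { ok: false, reason: 'no bearer token in fragment' };
  }
  return { ok: true, accessToken: token, tokenType: type };
}

// Constructed sample redirect, shaped like the fragment in the answer.
const sample = CALLBACK_URL + '#access_token=SAMPLE_TOKEN&token_type=bearer';
console.log(buildAuthorizeUrl('SAMPLE_CLIENT_ID'));
console.log(parseImplicitCallback(sample, CALLBACK_URL));
```

Once the token has been read, clearing the fragment from the address bar and history keeps it out of anything that later records the page URL.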

dev_gauravmall
March 3, 2023

Hi @Patrik S ,

Thanks for your reply.

But the problem here is not the implicit grant method as such. It is already working, and the reference link that I've mentioned in the original question before is also working.

Background on the problem:
My Windows app was built on Electron and was using the same method (which was working flawlessly before Feb'23). We noticed that it stopped working suddenly. It started showing this page in the in-app browser.

Screenshot 2023-03-04 093644.png

Just to elaborate more on the investigation I did:
a redirect happens for authorization when you try to open

https://bitbucket.org/site/oauth2/authorize?client_id={client_id}&response_type=token

It redirects to id.atlassian.com, something like below:

https://id.atlassian.com/login?application=bitbucket&continue=https%3A%2F%2Fbitbucket.org%2Faccount%2Fsignin%2F%3Fnext%3D%252Fsite%252Foauth2%252Fauthorize%253Fclient_id%{client_id}%2526response_type%253Dtoken%26redirectCount%3D1

Now this redirection was working before and the loading of the login page was working before, but it stopped suddenly in Feb'23.

My question is: is this not supported anymore in in-app browsers? Has any change happened on id.atlassian.com?

I am seeking ways to mitigate it while maintaining the same user experience.

I haven't tried, but I think the workaround is to navigate the user to the actual browser instead of the in-app browser to authorize (where id.atlassian.com is not restricted and works) and then, via the redirect URL configuration in Bitbucket, return the user back to the app to authenticate the app for further processing.

But is there any way to maintain the same user experience (not navigating the user to an outside browser) by changing any configuration anywhere?

Hope it describes the situation. :-)

Patrik S
Atlassian Team
March 6, 2023

Hello @dev_gauravmall ,

Thank you for providing more context about the issue.

Since this is more of a development technical question, I would suggest posting your question in the Atlassian Developer Community, as they will be able to better help you with this topic.

Thank you, @dev_gauravmall !

Patrik S
