You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
Greetings Atlassian community,
Not being too familiar with OAuth, I was wondering what the recommended approach would be for the following use-case.
We have a metrics scrape service, that basically scrapes the different Bitbucket API endpoints of our instance in-order to get a complete metrics overview of our different projects. This is a continuously running service that scrapes each minute. This service is owned by a (internal service) team.
For this use-case, I was wondering what the best approach for authenticating with the Bitbucket API. OAuth requires a bit more complexity in code, whereas an App Password is much more simple.
Any recommendations between OAuth vs App Password?
The decision to use AppPassword vs OAuth will all come down to personal preference.
For both, they require the knowledge of both a username as well as a specific token. The difference is, OAuth is configured at the workspace-level meaning that anyone on that workspace can generate tokens if they have the necessary read/write permissions and the permissions granted by that token are configurable, whereas AppPassword is configured on the personal level and the access is based on the access that personal account has to the workspace.
OAuth will require, as you stated - more code complexity and tokens expire after a certain time - meaning that it is generally more secure vs AppPassword where this does not expire however both can be revoked/regenerated at any time.
As long as OAuth tokens/AppPasswords are not shared with third-party users, you can consider these both secure.
If you are wanting simplicity, AppPassword would be the suggested choice - if you are wishing to favour security at the cost of code complexity, OAuth is the suggested choice.
- Ben (Bitbucket Cloud Support)