Bitbucket Server OAuth creates new access-tokens each time

Rodrigo Fernandes February 21, 2018

When using the Bitbucket Server OAuth 1a process, my app is creating one token in the user account for each auth.


Usually in Bitbucket Cloud, also with OAuth 1a, if I send a user who has already authorized my app, Bitbucket Cloud sends the user back without re-creating a new token.


Why is Bitbucket Server's behaviour different? Could I be doing something wrong?

3 answers

1 accepted

0 votes
Answer accepted
Rodrigo Fernandes March 2, 2018

After reaching support I got this answer:

Hi Rodrigo,

Greetings from Atlassian Support!

In this issue, I understand that your application is using the OAuth implementation in Bitbucket Server to authenticate and login users – and Bitbucket Server is creating a new token every time the same user goes through this process rather than returning an existing token.

First of all, I would like to clarify that Bitbucket Server and Bitbucket Cloud are two separate, different applications, so there may be features on Bitbucket Server which are very different from the Cloud, and vice versa.

So in Bitbucket Server, the implementation of OAuth is used as part of Application Links and was never intended to be used as an authentication mechanism, like how your application is using it. This piece was built to authenticate users from one application to another where the users login to each application independently (via LDAP or some other means) and then perform the OAuth dance for authorization. We expect OAuth requests to be made on behalf of an already authenticated user.

There is an improvement request for automatic authorization processing which can be viewed here: https://ecosystem.atlassian.net/browse/OAUTH-346.

Additionally, we do have an existing feature request to allow token based authentication as below:

As mentioned on the feature request ticket, in Bitbucket Server 5.5 the Personal access tokens feature was introduced, where users can create a token with limited scopes (e.g. project and repository read) and use them for authenticating REST calls, git operations and integrating with other applications – so you may want to look into this feature to see if it suits your needs and if it can be implemented as a workaround.

Please vote and watch the case so that your opinion on this issue may be heard by our development team; comments are also welcome. The feature will be addressed in accordance with our new features policy - Implementation of New Features Policy

Cheers,
Vivian
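Since the server side will not deduplicate tokens, the practical mitigation is on the client: persist one access token per authenticated user and only run the OAuth dance when no valid token is stored. The following is an added illustration, not code from the thread or from Atlassian; `FakeOAuthServer` and `TokenStore` are hypothetical stand-ins that mimic the reported behaviour (a fresh token on every dance).

```python
"""Client-side token reuse for an OAuth 1.0a server (e.g. Bitbucket Server)
that mints a fresh access token on every authorization dance."""
from dataclasses import dataclass, field
import secrets


@dataclass
class FakeOAuthServer:
    """Constructed stand-in for Bitbucket Server: every completed dance
    issues a brand-new access token and keeps it in the user's account."""
    tokens: dict = field(default_factory=dict)  # user -> [token, ...]

    def run_dance(self, user: str) -> str:
        token = secrets.token_hex(8)  # no dedup, like the behaviour reported
        self.tokens.setdefault(user, []).append(token)
        return token

    def is_valid(self, user: str, token: str) -> bool:
        return token in self.tokens.get(user, [])


class TokenStore:
    """Hypothetical app-side cache: one access token per authenticated user.
    A real app would persist this (encrypted at rest) rather than in memory."""

    def __init__(self):
        self._by_user = {}

    def get_or_authorize(self, server, user: str) -> str:
        token = self._by_user.get(user)
        # Reuse only if the server still honours it (the user may have revoked it)
        if token is not None and server.is_valid(user, token):
            return token
        token = server.run_dance(user)  # run the dance only when needed
        self._by_user[user] = token
        return token


def tokens_created(reuse: bool, logins: int = 5, user: str = "rodrigo") -> int:
    """Return how many tokens end up in the user's account after `logins`
    logins, with or without client-side reuse."""
    server, store = FakeOAuthServer(), TokenStore()
    for _ in range(logins):
        store.get_or_authorize(server, user) if reuse else server.run_dance(user)
    return len(server.tokens[user])


if __name__ == "__main__":
    print("without reuse:", tokens_created(False))  # 5
    print("with reuse:", tokens_created(True))      # 1
```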

0 votes
Misty Chatman September 14, 2021

May I get some help please

0 votes
Daniel Holmes June 19, 2018

Rodrigo - I'm looking into exactly this scenario for Bitbucket.  Thank you for providing the support response here.

Misty Chatman September 14, 2021

I'm not sure what to do I've never done something like this before
