Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Bitbucket Server OAuth creates new access-tokens each time


When using the Bitbucket Server OAuth 1a process my app is creation one token in the user account per each auth.


Usually in Bitbucket Cloud also with OAuth 1a if I send a user but he already has authorized my app Bitbucket Cloud send the user back without re-creating a new token.


Why is Bitbucket Server behaviour different? Can I be doing something wrong?

3 answers

1 accepted

0 votes
Answer accepted

After reaching support I got this answer:

Hi Rodrigo,

Greetings from Atlassian Support!

In this issue, I understand that your application is using the OAuth implementation in Bitbucket Server to authenticate and login users – and Bitbucket Server is creating a new token every time the same user goes through this process rather than returning an existing token.

First of all, I would like to clarify that Bitbucket Server and Bitbucket Server – are two separate different applications, so there may be features on Bitbucket Server which is very different with the Cloud, and vice versa.

So in Bitbucket Server, the implementation of OAuth is used as part of Application Links and was never intended to be used as an authentication mechanism, like how your application is using it. This piece was built to authenticate users from one application to another where the users login to each application independently (via LDAP or some other means) and then perform the OAuth dance for authorization. We expect OAuth requests to be made on behalf of an already authenticated user.

There is an improvement request for automatic authorization processing with can be viewed here:

Additionally, we do have an existing feature request to allow token based authentication as below:

As mentioned on the feature request ticket, in Bitbucket Server 5.5, the Personal access tokens feature was introduced, where users can create a token with limited scopes (e.g project and repository read) and use them for authenticating REST calls, git operations and integrating with other applications – so you may want to look into this feature to see if that suits your needs and if that can be implemented as a workaround

Please vote and watch the case so that your opinion on this issue may be heard by our development team, comments are also welcome. The feature will be addressed in accordance to our new features policy - Implementation of New Features Policy


May I get some help please

Rodrigo - I'm looking into exactly this scenario for Bitbucket.  Thank you for providing the support response here.

I'm not sure what to do I've never done something like this before

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bitbucket

Git push size limits are coming to Bitbucket Cloud starting April 4th, 2022

Beginning on April 4th, we will be implementing push limits. This means that your push cannot be completed if it is over 3.5 GB. If you do attempt to complete a push that is over 3.5 GB, it will fail...

2,263 views 2 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you