OAuth consumer app actions using REST API are showing user instead of app

Hidayat Ullah August 22, 2022

Hi,

I've developed an OAuth consumer app. When I install the app on my workspace, do OAuth 2.0 to get the access_token, and perform any action such as approving a pull request or commenting on a pull request using the REST API, the actions are performed, but they show the name of the account user who installed the app. I want to perform actions as the app itself, so that when a comment is added it does not show the user name as the commenter but rather the app name.

Is it possible? If yes, can you please refer me to the documentation which I need to follow to achieve the above scenario?

Thanks 

1 answer

0 votes
marc -Collabello--Phase Locked-
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
August 22, 2022

Hi @Hidayat Ullah ,

It is possible to do that, i.e. do things as an app. However, you'd need to build the app differently. Documentation is here: https://developer.atlassian.com/cloud/bitbucket/integrating-with-bitbucket-cloud/ . For example, you can build an app using the "Connect" framework.

Hidayat Ullah August 23, 2022

@marc -Collabello--Phase Locked-  

Thanks for your response. I'm already using the app descriptor, have the add-on created in Bitbucket, and am using the header JWT, but still, when the REST API posts a comment, it shows the name of the user who installed the app; it does not show the app name.

I've manually created the app at https://bitbucket.org/account/apps and then I'm calling

https://bitbucket.org/site/oauth2/access_token

to get the access token using a JWT created with the app secret, and then using the access_token returned from the above URL to post a comment, approve a PR, etc., but it does not perform actions based on the app.

Can you please help in this regard if anything is missing?

marc -Collabello--Phase Locked-
August 23, 2022

A connect app is different from an OAuth app.

As soon as you get and use the OAuth access token, your app acts as an OAuth app, impersonating a user.

I'd recommend starting with a pure Connect app, and then copying over your application code, but not the authentication code.

For a Connect app, you can use ACE: https://bitbucket.org/atlassian/atlassian-connect-express/src/master/

Hidayat Ullah August 23, 2022

@marc -Collabello--Phase Locked- 

How can I call the REST API without an access token using a Connect app?

marc -Collabello--Phase Locked-
August 24, 2022

Have a look in the README of the above Bitbucket repository. The code has an httpClient with authentication to call the REST API.

Hidayat Ullah August 24, 2022

I'm using PHP; the documentation is specifically for Node.js.

marc -Collabello--Phase Locked-
August 24, 2022

Yes, it's possible in principle.  I'd look to find an open source library which already does it, or look into https://developer.atlassian.com/cloud/confluence/understanding-jwt/

Hidayat Ullah August 24, 2022

I'm already using the JWT, but the JWT by itself returns an unauthenticated error when used for the REST API, and when I get an access_token using the JWT from the endpoint below, the actions are performed on the user's behalf.

https://bitbucket.org/site/oauth2/access_token

Can you confirm whether there is any scope needed for the JWT? I already have the

pullrequest:write

scope in the app descriptor. 

marc -Collabello--Phase Locked-
August 24, 2022

The OAuth JWT and the Connect JWT differ.  You can't use an OAuth JWT "as" a Connect JWT.

Hidayat Ullah August 24, 2022

I'm not using the OAuth JWT; I'm using the Connect JWT, which I got from the endpoint below after the user installed the Connect app:

https://bitbucket.org/site/addons/authorize

Also, the JWT is working for some endpoints, like user details, but not working for pull request comments.

marc -Collabello--Phase Locked-
August 25, 2022

You need to check the docs for the API endpoints: https://developer.atlassian.com/cloud/bitbucket/rest/api-group-pullrequests/#api-repositories-workspace-repo-slug-pullrequests-pull-request-id-comments-post says this is available for OAuth, but it is not available for Connect (i.e. Connect is not mentioned for the scopes).

Hidayat Ullah August 25, 2022

You mean that this API is not available for a Connect app, right?

marc -Collabello--Phase Locked-
August 25, 2022

Indeed, not available.
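
An added example, not part of the thread and not Atlassian's or ACE's code: a Connect-style HS256 JWT in the shape the JWT documentation linked above describes (issuer, expiry, and a `qsh` hash of the canonical request), showing that such a token names the app and is bound to one request, unlike an OAuth bearer access token. The app key, client key, shared secret, timestamp and the `/2.0/user` request used with it are constructed sample values, and carrying the client key in `sub` is an assumption about Bitbucket's variant.

```javascript
// Added example: mint and check a Connect-style JWT (HS256) bound to one request.
const crypto = require("node:crypto");

// Constructed install record; real values arrive in the app's install callback.
const install = { appKey: "example-app", clientKey: "constructed-client-key",
                  sharedSecret: "constructed-shared-secret", now: 1661299200 };

const b64url = (data) => Buffer.from(data).toString("base64")
  .replace(/=+$/, "").replace(/\+/g, "-").replace(/\//g, "_");
// RFC 3986 percent-encoding (encodeURIComponent leaves !'()* unescaped).
const enc = (s) => encodeURIComponent(s)
  .replace(/[!'()*]/g, (ch) => "%" + ch.charCodeAt(0).toString(16).toUpperCase());

// qsh = SHA-256 of "METHOD&path&sorted-query"; the "jwt" parameter is excluded.
function computeQsh(method, path, query = {}) {
  const canonicalQuery = Object.keys(query).filter((k) => k !== "jwt")
    .map((k) => [enc(k), [].concat(query[k]).map(enc).sort().join(",")])
    .sort((a, b) => (a[0] < b[0] ? -1 : 1))
    .map(([k, v]) => `${k}=${v}`).join("&");
  const canonical = [method.toUpperCase(), path || "/", canonicalQuery].join("&");
  return crypto.createHash("sha256").update(canonical).digest("hex");
}

function signConnectJwt({ appKey, clientKey, sharedSecret, now }, method, path, query) {
  const claims = { iss: appKey, sub: clientKey, iat: now, exp: now + 180,
                   qsh: computeQsh(method, path, query) };
  const input = `${b64url(JSON.stringify({ typ: "JWT", alg: "HS256" }))}.` +
                b64url(JSON.stringify(claims));
  const sig = crypto.createHmac("sha256", sharedSecret).update(input).digest();
  return `${input}.${b64url(sig)}`;
}

// Receiver side: pin the algorithm, then check signature, expiry and request binding.
function verifyConnectJwt(token, sharedSecret, now, method, path, query) {
  const [h, c, s] = token.split(".");
  if (!h || !c || !s) return { ok: false, reason: "malformed" };
  const decode = (part) => JSON.parse(Buffer.from(part, "base64").toString("utf8"));
  if (decode(h).alg !== "HS256") return { ok: false, reason: "unexpected alg" };
  const expected = crypto.createHmac("sha256", sharedSecret).update(`${h}.${c}`).digest();
  const given = Buffer.from(s, "base64");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return { ok: false, reason: "bad signature" };
  const claims = decode(c);
  if (claims.exp <= now) return { ok: false, reason: "expired" };
  if (claims.qsh !== computeQsh(method, path, query))
    return { ok: false, reason: "qsh mismatch" };
  return { ok: true, actor: claims.iss };
}
```

The token identifies the app through `iss` and validates only for the request it was hashed for; whether a given REST endpoint accepts it is decided by that endpoint's documentation, as the thread concludes.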

DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Site Admin