Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,555,139
Community Members
 
Community Events
184
Community Groups

Oauth consumer App action using rest api are showing user instead of app

Hidayat Ullah
Hidayat Ullah Aug 22, 2022

Hi,

I've developed an Oauth consumer app  and when I installed the app on my workspace and do oauth2.0 to get the access_token and  perform any action like approve pull request or comments on pull request using rest api the actions are performed  but it shows the name of the account user who installed the app I want to perform action based on the App itself such as when a comment is added it should not show user name as the commentator rather it should show the app name.

 

Is it possible ? if yes can you please refer me to the documentation which i need to follow to achieve the above scenario.

Thanks 

Answer
Watch
Like Andrey Kim likes this
183 views

1 answer

0 votes
marc -Collabello--Phase Locked-
marc -Collabello--Phase Locked-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Aug 22, 2022

Hi @Hidayat Ullah ,

It is possible to do that, i.e. do things as an app.  However you'd need to build the app differently.  Documentation is here: https://developer.atlassian.com/cloud/bitbucket/integrating-with-bitbucket-cloud/  .  For example, you can build an app using the "Connect" framework.

View More Comments
Hidayat Ullah
Hidayat Ullah Aug 23, 2022 • edited

@marc -Collabello--Phase Locked-  

Thanks for you response I'm already using the app descriptor and have the addon created in bitbucekt and using the header jwt but still when the rest api post comment it show the name of the user who install the app it does not show the app name.

I've manually created app at https://bitbucket.org/account/apps  and then I'm calling 

https://bitbucket.org/site/oauth2/access_token

to get the access token using jwt created with app secret and than using that access_token return from above url to post comment or approve pr etc... but it does not perform actions based on app.

Can you please help in this regard if anything is missing?

Like
marc -Collabello--Phase Locked-
marc -Collabello--Phase Locked-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Aug 23, 2022

A connect app is different from an OAuth app.

As soon as you get and use the OAuth access token, your app acts as an OAuth app, impersonating a user.

I'd recommend to start with a pure connect app, and then copy over your application code, but not the authentication code.

 

For a connect app, you can use ACE: https://bitbucket.org/atlassian/atlassian-connect-express/src/master/

Like
Hidayat Ullah
Hidayat Ullah Aug 23, 2022

@marc -Collabello--Phase Locked- 

How can i call the rest api without access token using connect app?

Like
marc -Collabello--Phase Locked-
marc -Collabello--Phase Locked-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Aug 24, 2022

Have a look in the README of the above bitbucket repository.  The code has a httpClient with authentication to call the REST API.

Like
Hidayat Ullah
Hidayat Ullah Aug 24, 2022 • edited

I'm using Php the documentation is specifically for node.js.

Like
marc -Collabello--Phase Locked-
marc -Collabello--Phase Locked-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Aug 24, 2022

Yes, it's possible in principle.  I'd look to find an open source library which already does it, or look into https://developer.atlassian.com/cloud/confluence/understanding-jwt/

Like
Hidayat Ullah
Hidayat Ullah Aug 24, 2022 • edited

I'm already using the jwt but the jwt by self return unauthenticated error when used for REST api and when i get an access_token using  jwt from below endpoint then the actions are performed on user behalf.

https://bitbucket.org/site/oauth2/access_token

can you confirm is there any scope needed for the jwt? I already have 

pullrequest:write

scope in the app descriptor. 

Like Andrey Kim likes this
marc -Collabello--Phase Locked-
marc -Collabello--Phase Locked-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Aug 24, 2022

The OAuth JWT and the Connect JWT differ.  You can't use an OAuth JWT "as" a Connect JWT.

Like Andrey Kim likes this
Hidayat Ullah
Hidayat Ullah Aug 24, 2022 • edited

I'm not using the OAuth JWT I'm using the connect JWT which I got from below endpoint after user install the connect app

https://bitbucket.org/site/addons/authorize

Also the JWT is working for some end points like user details but not working for Pull request comments.

Like
marc -Collabello--Phase Locked-
marc -Collabello--Phase Locked-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Aug 25, 2022

You need to check the docs for the API endpoints: https://developer.atlassian.com/cloud/bitbucket/rest/api-group-pullrequests/#api-repositories-workspace-repo-slug-pullrequests-pull-request-id-comments-post says this is available for OAuth, but it is not available for Connect (i.e. Connect is not mentioned for the scopes).

Like
Hidayat Ullah
Hidayat Ullah Aug 25, 2022

You mean that this api is not available for connect app right ?

Like
marc -Collabello--Phase Locked-
marc -Collabello--Phase Locked-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Aug 25, 2022

indeed, not available

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events

See all events