Seeing a request for all permissions instead of the few requested via scope in the authorize endpoint

saanjh jain July 11, 2023

When I am calling Bitbucket's authorize API:
https://bitbucket.org/site/oauth2/authorize?response_type=code&client_id=cjsdknkcndksdnan&scope=pullrequest:write

The scope passed is pullrequest:write.

I am seeing the below thing in the UI:

Confirm access to your account

saanh_007 is requesting access to the following:

  • Read and modify your account information
  • Read and modify your repositories' issues
  • Access your repositories' build pipelines and configure their variables
  • Read and modify settings for projects in your workspace
  • Read and modify your workspace's project settings, and read and transfer repositories within your workspace's projects
  • Read and modify your repositories and their pull requests
  • Administer your repositories
  • Delete your repositories
  • Access and edit your workspaces/repositories' runners
  • Read and modify your snippets
  • Read and modify your team membership information
  • Read and modify your repositories' webhooks
  • Read and modify your repositories' wikis
This 3rd party vendor has not provided a privacy policy or terms of use. Atlassian's Privacy Policy is not applicable to the use of this App.

Why is the UI showing all the permissions here in spite of sending just one scope?

Is it expected behavior?

1 answer

1 accepted

1 vote
Answer accepted
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 12, 2023

Hi @saanjh jain and welcome to the community!

The permissions you see on this page are the permissions you have granted to the OAuth consumer.

If you want to change them, you can edit the OAuth consumer and change its permissions.

Kind regards,
Theodora

saanjh jain July 12, 2023

Ohh, got it, and the scope we pass in the /authorize call will decide what the scope of the access token is.

Am I right?

Theodora Boudale
Atlassian Team
July 14, 2023

Hi @saanjh jain,

The scope of the access token is also determined by the permissions you have selected for the OAuth consumer; I don't believe it's possible to override them by adding scope in the URL https://bitbucket.org/site/oauth2/authorize?client_id={client_id}&response_type=token

Kind regards,
Theodora

saanjh jain July 14, 2023

Then what is the role of scope?

When will it be used?

Theodora Boudale
Atlassian Team
July 14, 2023

Hi @saanjh jain,

I don't see scope documented as a query parameter with https://bitbucket.org/site/oauth2/authorize?client_id={client_id}&response_type=token in our docs. Where did you see it used this way? Perhaps I am missing something.

The scopes documented here https://developer.atlassian.com/cloud/bitbucket/rest/intro/#scopes are referring to the permissions you set up for an OAuth consumer, an App password, Repository/Workspace/Project Access Tokens, or in an app descriptor if you are building an Atlassian Connect app.

Kind regards,
Theodora

saanjh jain July 17, 2023

With such a URL:
https://bitbucket.org/site/oauth2/authorize?response_type=code&client_id=cjsdknkcndksdnan&scope=pullrequest:write

if I am passing an incorrect scope, e.g. scope=pullrequest:writ,

I am getting an error:
https://ids.ics.dev/ma/proxy/oauthcallback?error=invalid_scope&error_description=Unknown+scope%3A+pullrequest%3Awrit

Can you please recheck and confirm?
What is the difference between passing the scope in the authorize call and setting the scope while we create an OAuth consumer?

Theodora Boudale
Atlassian Team
July 17, 2023

Hi @saanjh jain,

The scope you pass in the authorize call is not taken into account. The access token will have the permissions you have selected in the OAuth consumer.

Kind regards,
Theodora
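The practical consequence of this thread is that the `scope` parameter is validated (an unknown name comes back as `error=invalid_scope` on the callback) but does not narrow the token, so a client should compare what it asked for against what it was actually granted. The following is an added example, not code from the thread or from Atlassian; it assumes the token response carries a space-separated `scopes` field (the sample response here is constructed).

```python
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://bitbucket.org/site/oauth2/authorize"


def build_authorize_url(client_id: str, scopes: list[str]) -> str:
    """Build the authorize URL. Bitbucket checks that each scope name exists,
    but (per the thread) the token's permissions come from the consumer config."""
    params = {"response_type": "code", "client_id": client_id, "scope": " ".join(scopes)}
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def parse_callback(redirect_url: str) -> dict:
    """Parse the redirect back to the client: either a code or an OAuth error."""
    query = parse_qs(urlparse(redirect_url).query)
    if "error" in query:
        return {
            "ok": False,
            "error": query["error"][0],
            "description": query.get("error_description", [""])[0],
        }
    return {"ok": True, "code": query["code"][0]}


def excess_scopes(requested: list[str], token_response: dict) -> list[str]:
    """Scopes present on the issued token that the client never asked for.
    Assumption: the token response has a space-separated 'scopes' string.
    A non-empty result means the consumer is over-privileged for this client;
    the fix is to trim the consumer's permissions, not the authorize URL."""
    granted = set(token_response.get("scopes", "").split())
    return sorted(granted - set(requested))


if __name__ == "__main__":
    print(build_authorize_url("cjsdknkcndksdnan", ["pullrequest:write"]))
    # Callback quoted in the thread for a mistyped scope name
    print(parse_callback(
        "https://ids.ics.dev/ma/proxy/oauthcallback"
        "?error=invalid_scope&error_description=Unknown+scope%3A+pullrequest%3Awrit"))
    # Constructed token response showing consumer permissions beyond the request
    sample = {"token_type": "bearer", "scopes": "account repository:admin pullrequest:write"}
    print(excess_scopes(["pullrequest:write"], sample))
```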
