Authorize api for bitbucket related resources

Hello!

I can see that the forge api npm module has dedicated functions to authorize the user to jira or confluence resources (see [here](https://developer.atlassian.com/platform/forge/runtime-reference/authorize-api/)).

Is there anything similar for Bitbucket? Or any plan to add it? Typically, I have a handler in my backend that change and allow to access repository settings, but I need to check that the authenticated user can indeed do that. I will need the Bitbucket Cloud api in the meantime.

Thanks!

2 comments

Comment

Hi @antoine_doeraene ,

Thanks for bringing this up. At this stage, the Authorize API is not available for Bitbucket.

Would `asUser` be an option for your use case? If not, can I ask you to add some more details for me to understand why it wouldn't work?

I'm sure you know about this already, but the difference between asApp and asUser is documented here: https://developer.atlassian.com/platform/forge/runtime-reference/product-fetch-api/#contextual-methods

I noticed requestBitbucket is missing in a few places on that page but it is available and working for Bitbucket REST API requests!

I'm not the right person to speak about the "plan to add it". I've reached out to the Forge for Bitbucket team and will share any further insight from you with them.

Thanks,
Caterina

Like • Steffen Opel _Utoolity_ likes this

Hello @Caterina Curti

Thanks a lot for your answer.

The `asUser` is indeed a good pointer and we could use it, although not with its primary intent.

Our use case is that we have some settings that are tight to a repository. Let's say an api token for an external service. Only a repository administrator can update this token from the repository settings page.

We are using the bridge api to communicate between the frontend (the page) and the backend (the backend then manages that token inside the forge storage). As far as I understand, this will already ensure that the user is authenticated to bitbucket in the correct workspace, but it does not guarantee that they are administrator on the repo. What we do now is to retrieve the user account id from the context, and then we ask the Bitbucket Cloud api what privileges this account has in the repository.

So, indeed, we could use the `asUser` to make a GET request on a resource that only an administrator can have access to. If that returns 200, then we are good. But I imagine this is not the primary intent of that function.

It would be nice if we could simply do

```

import { authorize } from "@forge/api";

authorize().onRepository(repoId).isAdmin()
```

Thanks again,

Antoine

Like • like this

Hi @antoine_doeraene - thanks for the question!

For context, I'm the Product Manager who looks after the teams leading our Forge project. Your use-case is something I'd love to discuss with you in more detail would you be available for a 30 minute Zoom call at some point?

If so, my calendar booking link is here, please feel free to find a time that works for you and we can discuss in more detail: https://calendar.app.google/oJN4TGaT7MY5Vm8e6

Like • Caterina Curti likes this

Thanks @Edmund Munday !

I'm off this week, but scheduled a call for next week. See you there.

Like • Caterina Curti likes this

Was this helpful?

Thanks!

Forge for Bitbucket Cloud

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Get product advice from experts

Join a community group

Advance your career with learning paths

Earn badges and rewards

Connect and share ideas at events

Authorize api for bitbucket related resources

2 comments

Comment

Was this helpful?

Thanks!

TAGS

Atlassian Community Events