Bitbucket Cloud Auth Module
The Bitbucket Cloud authentication module is a pre-configured OAuth 2.0 auth module that lets users log in to Hub and any connected services with their Bitbucket Cloud credentials.
Enable OAuth 2.0 Authentication
To allow users with existing accounts in Bitbucket Cloud to log in to Hub, enable the authentication module.
This procedure takes place in three steps:
- Generate a Redirect URI in Hub. When you create an authentication module, Hub generates a redirect URI to use with the authorization service. This URI identifies the source of each login request.
- Generate a Client ID and Secret in the authorization service. Every login request sent from Hub includes a unique identifier. The ID and secret you store in the authentication module tell the authorization service that each login request is authorized.
- Enable the Auth Module in Hub. When you have generated the information Hub uses to authenticate with the authorization service, copy the values into Hub and enable the module.
Generate a Redirect URI in Hub
- In the Access Management section of the Administration menu, select .
- From the New Module drop-down list, select the Bitbucket Cloud pre-configured OAuth 2.0 authentication module.
- If the feature is supported by your browser, use the Copy button to copy the redirect URI to your clipboard.
Generate a Client ID and Secret
The next step is to register the authorized redirect URI for Hub in Bitbucket Cloud.
To get a Client ID and Secret in Bitbucket Cloud
- Log in to your Bitbucket instance, and access the Bitbucket Settings administrative section.
- Select OAuth in the left navigation sidebar. Then, click the Add consumer button.
- In the displayed form, provide a name for your Hub service in Bitbucket and an optional description.
- In the Callback URL field, paste the generated URL from the Redirect URI field in Hub.
- In the Permissions options, select the Email and Read check boxes in the Account section.
- Click Save to generate the Client ID and Secret of your Bitbucket Cloud instance.
Enable the Auth Module in Hub
- Copy the Key value from Bitbucket Cloud and paste it into the Client ID input field in Hub.
- Copy the client secret from the authorization service and paste it into the Client secret input field in Hub.
- Configure the optional settings for the authentication module. For more information, see Additional Settings.
- Click the Enable module button.
The first section of the settings page displays the general settings for the authentication module. Here, you also find the redirect URI that you use to register Hub in the authorization service and the input fields that store the Client ID and Client Secret that are generated in the authorization service.
Authorization Service Endpoints
The settings in this section of the page store the OAuth 2.0 endpoints used by Bitbucket Cloud.
For pre-configured OAuth 2.0 modules, the values that are used by the selected authorization service are set automatically.
|Setting|Description|
|---|---|
|Authorization|Stores the endpoint that Hub uses to obtain authorization from the resource owner via user-agent redirection.|
|Token|Stores the endpoint that Hub uses to exchange an authorization grant for an access token.|
|User data|Stores the endpoint used to locate profile data for the authenticated user.|
| |The endpoint used to locate the email address of the authenticated user. Use only when the email address is not stored in the user profile.|
|Default email verification state|Determines which state should be set for an email address in Hub, when the authentication service does not return the verification status for an email address.|
When a user profile response object is returned by Bitbucket Cloud, values from the specified field paths are copied to the user profile in Hub. Use the following settings to define the endpoint that locates profile data for the authenticated user and map fields that are stored in the authorization service to user accounts in Hub.
For the Bitbucket Cloud module, the values are set automatically.
Use a sequence of path segments separated by slashes (/) to specify a path to a field inside a nested object.
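The sketch below is an added example, not Hub's own code: it shows one way slash-separated field paths could be resolved against a nested profile response, and how a default email verification state applies when the response carries no usable verification status. The function names, mapping keys, and the sample response are constructed for illustration.

```python
# Added illustration; not Hub's implementation. All names here are hypothetical.
MISSING = object()  # sentinel: distinguishes "field absent" from a stored None

def resolve_path(response, path):
    """Follow a slash-separated path (e.g. "links/avatar/href") through nested
    objects. Returns MISSING if a segment is absent or a non-object is reached."""
    current = response
    for segment in filter(None, path.split("/")):
        if not isinstance(current, dict) or segment not in current:
            return MISSING
        current = current[segment]
    return current

def map_profile(response, field_paths, default_email_verified=False):
    """Copy the values found at the configured paths into a flat profile.
    The default verification state is used whenever the response does not
    supply a literal boolean for the email verification field."""
    profile = {}
    for target, path in field_paths.items():
        value = resolve_path(response, path)
        if value is not MISSING and value is not None:
            profile[target] = value
    # Strings such as "false" are truthy in Python, so only a real boolean
    # is accepted as a verification status; anything else uses the default.
    if not isinstance(profile.get("email_verified"), bool):
        profile["email_verified"] = default_email_verified
    return profile

# Constructed sample response (not an actual Bitbucket Cloud payload).
SAMPLE_RESPONSE = {
    "account_id": "constructed-id-123",
    "display_name": "Example User",
    "contact": {"email": {"address": "user@example.com"}},
    "links": {"avatar": {"href": "https://example.com/avatar.png"}},
}

# Constructed field mapping: Hub-side field name -> path in the response.
FIELD_PATHS = {
    "id": "account_id",
    "full_name": "display_name",
    "email": "contact/email/address",
    "email_verified": "contact/email/is_confirmed",
    "avatar": "links/avatar/href",
}

if __name__ == "__main__":
    print(map_profile(SAMPLE_RESPONSE, FIELD_PATHS))
```

Treating a missing status as unverified is the conservative choice for the default state, because an address marked verified may be trusted by other account logic.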
Additional settings let you define the request scope, and choose how to authenticate with the service.
The following options are located at the bottom of the page. Use these settings to manage Hub account creation and group membership, and to reduce the loss of processing resources consumed by idle connections.