Bitbucket CMS Backend #280
Comments
When requesting the access token, the following was being thrown in the console:

This answer from Guy Ludvig on the Atlassian community forum seemed to solve this issue:

So I needed to modify getting the access_token to look like this:

```js
// settings, codeVerifier and tokenStore come from the surrounding backend module
const requestAccessToken = async code => {
  const { access_token_endpoint, server, redirectUrl, appId } = settings;
  // PKCE: send the code_verifier that matches the code_challenge from the authorize step
  const params = new URLSearchParams({
    client_id: appId,
    code: code,
    grant_type: 'authorization_code',
    redirect_uri: redirectUrl,
    code_verifier: codeVerifier
  });
  const response = await fetch(server + access_token_endpoint, {
    method: 'POST',
    headers: {
      "Content-Type": "application/x-www-form-urlencoded"
    },
    body: params.toString()
  });
  const tokens = await response.json();
  // RFC 6749 error responses carry error / error_description
  if (tokens.error) {
    throw new Error(tokens.error_description);
  }
  tokenStore.set(tokens);
};
```

Then I started getting

If I hardcoded a client_secret (which we don't want to do in a public client) it does work and you can login successfully:

```js
const params = new URLSearchParams({
  scope: 'repository:write',
  client_secret: 'my-actual-client-secret-from-https://bitbucket.org/jantcu/workspace/settings/api',
  client_id: appId,
  code: code,
  grant_type: 'authorization_code',
  redirect_uri: redirectUrl,
  code_verifier: codeVerifier
});
```

So I think the problem is there's a distinction that needs to be made here. There are 2 separate Atlassian products:
That explains why the documentation was saying the endpoints were:
when in reality they are:
I thought the documentation was just out of date, but in fact I was referring to the "Server" docs while trying to use the "Cloud" product. See this Stackoverflow answer from an Atlassian employee, daveruinseverything:
Brandon G on the Atlassian community forum has the same problem as us where the client_secret is required even if using PKCE (which shouldn't require the secret). Patrick S points out on that thread:
So it sounds like PKCE isn't supported on BitBucket Cloud after all. It looks like NetlifyCMS/Decap is actually using "Implicit Grant" for BitBucket:
OAuth documentation for BitBucket Cloud:
I'm going to put this feature on hold until Bitbucket adds the PKCE grant type to their OAuth workflow. If you'd like to see Bitbucket support implemented, please go to the feature request for this (https://jira.atlassian.com/browse/BCLOUD-23469) and
Thanks!
Bitbucket has OAuth that supports PKCE flow: https://confluence.atlassian.com/bitbucketserver/bitbucket-oauth-2-0-provider-api-1108483661.html
Bitbucket's commit API: https://developer.atlassian.com/cloud/bitbucket/rest/api-group-source/#api-repositories-workspace-repo-slug-src-post