Support Bitbucket Server #1965
Comments
|
Technically speaking the Application Links between the Atlassian Server products already support and use OAuth so in theory Gitpod would need to be configured in a similar manner. Not sure what the limitations are but you can configuring Incoming Authentication for OAuth. The required fields are:
Optionally you can specifcy the |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
Re-opening in case this is now possible. |
gtsiolis
added
team: webapp
|
Just a quick note that Bitbucket Server and other Atlassian Server products will go EOL on February 4, 2024, as per https://www.atlassian.com/migration/assess/journey-to-cloud. Maybe focus on Bitbucket Data Center instead? |
|
@ajhalili2006 Yes, definitely. Bitbucket Server and Bitbucket Data Center at the core are the same product. The former has a perpetual license and the latter an annual subscription with some minor features added. Integrations into Data Center edition are likely to be backward compatible with Server edition. |
|
I've investigated this for a bit, here's what I found out:
Alternatively also #167 could be implemented (+ authenticated raw urls and manually triggered prebuilds). |
|
What about Crowd, does that support OAuth v2? A lot of orgs use crowd for SSO which has native Bitbucket Server integration.
Alternatively, there is a workaround in the wild to get Keycloak to act as a GitLab Auth endpoint for Mattermost (search for blog online for how to do it). So what if rather than support Bitbucket the goal to be to support a more general OAuth app like Keycloak which can also be a SAML endpoint for Bitbucket Datacenter. This could also pave the for more generalized OAuth support for Gitpod.
Sorry if I went down a rabbit hole here, just wanted to throw out some potential solutions I’ve seen in other environments.
…Sent from my iPhone
On Nov 25, 2021, at 17:04, Leo Tietz ***@***.***> wrote:
I've investigated this for a bit, here's what I found out:
As mentioned before Bitbucket supports "Application Links". Internally this is using OAuth v1, which is a different protocol to v2 (docs)
The permissions granted are very broad, or at least I can't see any way to scope them apart from read/write (granting access to everything the user can do (docs)
A possible alternative could be personal access tokens which can be used both for cloning and talking to the REST API and can be scoped to a project/repository level, but must be manually setup (<5 minutes)
Alternatively also #167 could be implemented (+ authenticated raw urls and manually triggered prebuilds).
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
|
Thank you for going down the rabbit hole and providing your research! |
|
Has there been any movement on this or a plan to support Bitbucket Datacenter? Would really be great if you supported this for self hosted instances of gitpod. |
|
OAuth2 for Bitbucket Server and Datacenter was announced with v7.20 Tracking basic Gitpod support in #7957 |
|
Done in #8499 |
It would be awesome if Gitpod self-hosted would not only support bitbucket.org, but also Bitbucket Server.
Here is what I know so far:
Bitbucket Server does not have the capability to act as an identity provider (e.g. via OAuth). Instead, Bitbucket is typically hooked up to an external identity provider, such as Keycloak or Atlassian Crowd. Gitpod would need to be hooked up to that external identity provider as well.
To run
git clone, Gitpod would need the user's access token from Bitbucket. It seems like bitbucket'sPUT /rest/access-tokens/1.0/users/{userSlug}REST API can create such a token.The text was updated successfully, but these errors were encountered: