@@ -123,6 +123,76 @@ be accessed using the credentials `admin`/`admin` at
123
123
Atlassian has [ documentation] [ atlassian-sdk ] on how to download and install
124
124
their SDK.
125
125
126
+ ## OAuth2 Configuration
127
+
128
+ Bitbucket DC [ 7.20] ( https://confluence.atlassian.com/bitbucketserver/bitbucket-data-center-and-server-7-20-release-notes-1101934428.html )
129
+ added support for OAuth2 Incoming Application Links and this can be used to
130
+ support OAuth2 authentication for Git. This is especially useful in environments
131
+ where Bitbucket uses SSO as it removes the requirement for users to manage
132
+ [ SSH keys] ( https://confluence.atlassian.com/display/BITBUCKETSERVER0717/Using+SSH+keys+to+secure+Git+operations )
133
+ or manual [ HTTP access tokens] ( https://confluence.atlassian.com/display/BITBUCKETSERVER0717/Personal+access+tokens ) .
134
+
135
+ ### Host Configuration
136
+
137
+ For more details see
138
+ [ Bitbucket's documentation on Data Center and Server Application Links to other Applications] ( https://confluence.atlassian.com/bitbucketserver/link-to-other-applications-1018764620.html )
139
+
140
+ Create Incoming OAuth 2 Application Link:
141
+ <!-- markdownlint-disable MD034 -->
142
+ 1 . Navigate to Administration/Application Links
143
+ 1 . Create Link
144
+ 1 . Screen 1
145
+ - External Application [ check]
146
+ - Incoming Application [ check]
147
+ 1 . Screen 2
148
+ - Name : GCM
149
+ - Redirect URL : ` http://localhost:34106/ `
150
+ - Application Permissions : Repositories.Read [ check] , Repositories.Write [ check]
151
+ 1 . Save
152
+ <!-- markdownlint-enable MD034 -->
153
+ 1 . Copy the ` ClientId ` and ` ClientSecret ` to configure GCM
154
+
155
+ ### Client Configuration
156
+
157
+ Set the OAuth2 configuration use the ` ClientId ` and ` ClientSecret ` copied above,
158
+ (for details see [ credential.bitbucketDataCenterOAuthClientId] ( configuration.md#credential.bitbucketDataCenterOAuthClientId )
159
+ and [ credential.bitbucketDataCenterOAuthClientSecret] ( configuration.md#credential.bitbucketDataCenterOAuthClientSecret ) )
160
+
161
+ ❯ git config --global credential.bitbucketDataCenterOAuthClientId {`Copied ClientId`}
162
+
163
+ ❯ git config --global credential.bitbucketDataCenterOAuthClientSecret {`Copied ClientSecret`}
164
+ <!-- markdownlint-disable MD034 -->
165
+ As described in [ Configuration options] ( configuration.md#Configuration%20options )
166
+ the settings can be made more specific to apply only to a specific Bitbucket DC
167
+ host by specifying the host url, e.g. https://bitbucket.example.com/
168
+ <!-- markdownlint-enable MD034 -->
169
+
170
+ ❯ git config --global credential.https://bitbucket.example.com.bitbucketDataCenterOAuthClientId {`Copied ClientId`}
171
+
172
+ ❯ git config --global credential.https://bitbucket.example.com.bitbucketDataCenterOAuthClientSecret {`Copied ClientSecret`}
173
+ <!-- markdownlint-disable MD034 -->
174
+ Due to the way GCM resolves hosts and determines REST API urls, if the Bitbucket
175
+ DC instance is hosted under a relative url (e.g. https://example.com/bitbucket )
176
+ it is necessary to configure Git to send the full path to GCM. This is done
177
+ using the [ credential.useHttpPath] ( configuration.md#credential.useHttpPath )
178
+ setting.
179
+ ❯ git config --global credential.https://example.com/bitbucket.usehttppath true
180
+ <!-- markdownlint-enable MD034 -->
181
+
182
+ If a port number is used in the url of the Bitbucket DC instance the Git
183
+ configuration needs to reflect this. However, due to [ Issue 608] ( https://github.com/GitCredentialManager/git-credential-manager/issues/608 )
184
+ the port is ignored when resolving [ credential.bitbucketDataCenterOAuthClientId] ( configuration.md#credential.bitbucketDataCenterOAuthClientId )
185
+ and [ credential.bitbucketDataCenterOAuthClientSecret] ( configuration.md#credential.bitbucketDataCenterOAuthClientSecret ) .
186
+ <!-- markdownlint-disable MD034 -->
187
+ For example, a Bitbucket DC host at https://example.com:7990/bitbucket would
188
+ require configuration in the form:
189
+ <!-- markdownlint-enable MD034 -->
190
+ ❯ git config --global credential.https://example.com/bitbucket.bitbucketDataCenterOAuthClientId {`Copied ClientId`}
191
+
192
+ ❯ git config --global credential.https://example.com/bitbucket.bitbucketDataCenterOAuthClientSecret {`Copied ClientSecret`}
193
+
194
+ ❯ git config --global credential.https://example.com:7990/bitbucket.usehttppath true
195
+
126
196
[ additional-info ] :https://confluence.atlassian.com/display/BITBUCKET/App+passwords
127
197
[ atlas-run-standalone ] : https://developer.atlassian.com/server/framework/atlassian-sdk/atlas-run-standalone/
128
198
[ bitbucket ] : https://bitbucket.org
0 commit comments