Ending Connect support
Bitbucket Cloud is gradually ending support for Connect apps.
New Bitbucket apps built with Connect can no longer be registered or installed on workspaces as of Februrary 2, 2026.
Forge is now the Atlassian Cloud's primary platform for extensions. Get started with Forge
This configures your app for OAuth 2.0 use. Many apps have client-side javascript that makes Bitbucket API calls from inside the iframe on the end user's behalf. This uses OAuth 2 access tokens.
While the Javascript bridge code abstracts away the end-user authorization dialogs and token requests, for this to work your app needs to be linked to an existing OAuth consumer/client (to set this up, see the documentation). This module establishes that linking.
Note that OAuth 2 requires a callback URL to be configured on the consumer/client. Also, to be able to successfully and transparently obtain access tokens from within your iframe's javascript, your callback URL MUST match your app's baseUrl. More specifically, the callback URL must start with the baseUrl. For example:
1 2baseUrl: https://foo.herokuapp.com/base callbackUrl: https://foo.herokuapp.com/base/oauth/callback
The access token's scopes are configured statically on the consumer/client, not in the descriptor. See the OAuth 2.0 documentation for more information on using OAuth from the backend, outside the iframe's javascript.
clientId| Type | string |
|---|---|
| Required | Yes |
| Description | The OAuth consumer key that corresponds to the consumer registered for your app. |
scopes| Type | [string,...] |
|---|---|
| Description | The scopes for a dynamically created OAuth consumer. |
Rate this page: