OAuth consumer

This configures your app for OAuth 2.0 use. Many apps have client-side javascript that makes Bitbucket API calls from inside the iframe on the end user's behalf. This uses OAuth 2 access tokens.

While the Javascript bridge code abstracts away the end-user authorization dialogs and token requests, for this to work your app needs to be linked to an existing OAuth consumer/client (to set this up, see the documentation). This module establishes that linking.

Note that OAuth 2 requires a callback URL to be configured on the consumer/client. Also, to be able to successfully and transparently obtain access tokens from within your iframe's javascript, your callback URL MUST match your app's baseUrl. More specifically, the callback URL must start with the baseUrl. For example:

1
2
3
baseUrl: https://foo.herokuapp.com/base
callbackUrl: https://foo.herokuapp.com/base/oauth/callback

The access token's scopes are configured statically on the consumer/client, not in the descriptor. See the OAuth 2.0 documentation for more information on using OAuth from the backend, outside the iframe's javascript.

Properties

clientId
Type
Required
Yes
Description

The OAuth consumer key that corresponds to the consumer registered for your app.


scopes
Type
Description

The scopes for a dynamically created OAuth consumer.