Configuring OAuth 2.0 for a Bitbucket Server

You can use OAuth 2.0 to enable users to work with a remote Git repository that is hosted on a Bitbucket Server:

Set up an OAuth 2.0 application link on the Bitbucket Server.
Apply an application link Secret for the Bitbucket Server.

Setting up an OAuth 2.0 application link on the Bitbucket Server

Set up an OAuth 2.0 application link on the Bitbucket Server.

Prerequisites

You are logged in to the Bitbucket Server.
base64 is installed in the operating system you are using.

Procedure

Go to Administration > Applications > Application links.
Select Create link.
Select External application and Incoming.
Enter https://<che_fqdn>/api/oauth/callback to the Redirect URL field.
Select the Admin - Write checkbox in Application permissions.
Click Save.
Copy the Client ID and encode it to Base64 for use when applying the Bitbucket application link Secret:
```
$ echo -n '<Bitbucket_Client_ID>' | base64
```
Copy the Client secret and encode it to Base64 for use when applying the Bitbucket application link Secret:
```
$ echo -n '<Bitbucket_Client_secret>' | base64
```

Additional resources

Atlassian Documentation: Configure an incoming link

Applying an OAuth 2.0 application link Secret for the Bitbucket Server

Prepare and apply the OAuth 2.0 application link Secret for the Bitbucket Server.

Prerequisites

The application link is set up on the Bitbucket Server.
The Base64-encoded values, which were generated when setting up the Bitbucket application link, are prepared:
- Bitbucket Client ID
- Bitbucket Client secret
An active kubectl session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.

Procedure

Prepare the Secret:

kind: Secret
apiVersion: v1
metadata:
  name: bitbucket-oauth-config
  namespace: eclipse-che (1)
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
    app.kubernetes.io/component: oauth-scm-configuration
  annotations:
    che.eclipse.org/oauth-scm-server: bitbucket
    che.eclipse.org/scm-server-endpoint: <bitbucket_server_url> (2)
type: Opaque
data:
  id: <Base64_Bitbucket_Client_ID> (3)
  secret: <Base64_Bitbucket_Client_Secret> (4)

1	The Che namespace. The default is `eclipse-che`.
2	The URL of the Bitbucket Server.
3	The Base64-encoded Bitbucket Client ID.
4	The Base64-encoded Bitbucket Client secret.

Apply the Secret:

$ kubectl apply -f - <<EOF
<Secret_prepared_in_the_previous_step>
EOF

Verify in the output that the Secret is created.