Configuring OAuth 2.0 for a Bitbucket Server

You can use OAuth 2.0 to enable users to work with a remote Git repository that is hosted on a Bitbucket Server:

  1. Set up an OAuth 2.0 application link on the Bitbucket Server.

  2. Apply an application link Secret for the Bitbucket Server.

Set up an OAuth 2.0 application link on the Bitbucket Server.

Prerequisites

  • You are logged in to the Bitbucket Server.

Procedure

  1. Go to Administration > Applications > Application links.

  2. Select Create link.

  3. Select External application and Incoming.

  4. Enter https://<che_fqdn>/api/oauth/callback to the Redirect URL field.

  5. Select the Admin - Write checkbox in Application permissions.

  6. Click Save.

  7. Copy and save the Client ID for use when applying the Bitbucket application link Secret.

  8. Copy and save the Client secret for use when applying the Bitbucket application link Secret.

Additional resources

Prepare and apply the OAuth 2.0 application link Secret for the Bitbucket Server.

Prerequisites

  • The application link is set up on the Bitbucket Server.

  • The following values, which were generated when setting up the Bitbucket application link, are prepared:

    • Bitbucket Client ID

    • Bitbucket Client secret

  • An active kubectl session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.

Procedure

  1. Prepare the Secret:

    kind: Secret
apiVersion: v1
metadata:
  name: bitbucket-oauth-config
  namespace: eclipse-che (1)
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
    app.kubernetes.io/component: oauth-scm-configuration
  annotations:
    che.eclipse.org/oauth-scm-server: bitbucket
    che.eclipse.org/scm-server-endpoint: <bitbucket_server_url> (2)
type: Opaque
stringData:
  id: <Bitbucket_Client_ID> (3)
  secret: <Bitbucket_Client_Secret> (4)
    1 The Che namespace. The default is eclipse-che.
    2 The URL of the Bitbucket Server.
    3 The Bitbucket Client ID.
    4 The Bitbucket Client secret.

  2. Apply the Secret:

    $ kubectl apply -f - <<EOF
<Secret_prepared_in_the_previous_step>
EOF

  3. Verify in the output that the Secret is created.