Skip to content

feat: add Bitbucket Cloud OAuth identity provider #924

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
brendan-kellam merged 3 commits into from
Feb 24, 2026
Merged

feat: add Bitbucket Cloud OAuth identity provider #924

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
105eaca
feat: add Bitbucket Cloud OAuth identity provider
brendan-kellam Feb 24, 2026
8b5f71c
chore: update CHANGELOG for #924
brendan-kellam Feb 24, 2026
cc2a3fc
feedback
brendan-kellam Feb 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Added
- Added PostHog events for chat UI interactions (details card expand/collapse, copy answer, table of contents toggle) and repo tracking in `wa_chat_message_sent`. [#922](https://github.com/sourcebot-dev/sourcebot/pull/922)
- Added Bitbucket Cloud OAuth identity provider support (`provider: "bitbucket-cloud"`) for SSO and account-linked permission syncing. [#924](https://github.com/sourcebot-dev/sourcebot/pull/924)

## [4.11.7] - 2026-02-23

Expand Down
53 changes: 53 additions & 0 deletions docs/docs/configuration/idp.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -165,6 +165,59 @@ in the GitLab identity provider config.
</Steps>
</Accordion>

### Bitbucket Cloud

[Auth.js Bitbucket Provider Docs](https://authjs.dev/getting-started/providers/bitbucket)

A Bitbucket Cloud connection can be used for [authentication](/docs/configuration/auth) and/or [permission syncing](/docs/features/permission-syncing). This is controlled using the `purpose` field
in the Bitbucket Cloud identity provider config.

<Accordion title="instructions">
<Steps>
<Step title="Register an OAuth Consumer">
To begin, you must register an OAuth consumer in Bitbucket to facilitate the identity provider connection.

Navigate to your Bitbucket workspace settings at `https://bitbucket.org/<your-workspace>/workspace/settings/api` and create a new **OAuth consumer** under the **OAuth consumers** section.

When configuring your consumer:
- Set the callback URL to `<sourcebot_url>/api/auth/callback/bitbucket-cloud` (ex. https://sourcebot.coolcorp.com/api/auth/callback/bitbucket-cloud)
- Enable **Account: Read**
- If using for permission syncing, also enable **Repositories: Read**

The result of creating an OAuth consumer is a `Key` (`CLIENT_ID`) and `Secret` (`CLIENT_SECRET`) which you'll provide to Sourcebot.
</Step>
<Step title="Define environment variables">
To provide Sourcebot the client id and secret for your OAuth consumer you must set them as environment variables. These can be named whatever you like
(ex. `BITBUCKET_CLOUD_IDENTITY_PROVIDER_CLIENT_ID` and `BITBUCKET_CLOUD_IDENTITY_PROVIDER_CLIENT_SECRET`)
</Step>
<Step title="Define the identity provider config">
Finally, pass the client id and secret to Sourcebot by defining a `identityProvider` object in the [config file](/docs/configuration/config-file):

```json wrap icon="code"
{
"$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
"identityProviders": [
{
"provider": "bitbucket-cloud",
// "sso" for auth + perm sync, "account_linking" for only perm sync
"purpose": "account_linking",
// if purpose == "account_linking" this controls if a user must connect to the IdP
"accountLinkingRequired": true,
"clientId": {
"env": "YOUR_CLIENT_ID_ENV_VAR"
},
"clientSecret": {
"env": "YOUR_CLIENT_SECRET_ENV_VAR"
}
}
]
}
```
</Step>
</Steps>
</Accordion>


### Google

[Auth.js Google Provider Docs](https://authjs.dev/getting-started/providers/google)
Expand Down
170 changes: 170 additions & 0 deletions docs/snippets/schemas/v3/identityProvider.schema.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -648,6 +648,91 @@
"audience"
]
},
"BitbucketCloudIdentityProviderConfig": {
"type": "object",
"additionalProperties": false,
"properties": {
"provider": {
"const": "bitbucket-cloud"
},
"purpose": {
"enum": [
"sso",
"account_linking"
]
},
"clientId": {
"anyOf": [
{
"type": "object",
"properties": {
"env": {
"type": "string",
"description": "The name of the environment variable that contains the token."
}
},
"required": [
"env"
],
"additionalProperties": false
},
{
"type": "object",
"properties": {
"googleCloudSecret": {
"type": "string",
"description": "The resource name of a Google Cloud secret. Must be in the format `projects/<project-id>/secrets/<secret-name>/versions/<version-id>`. See https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets"
}
},
"required": [
"googleCloudSecret"
],
"additionalProperties": false
}
]
},
"clientSecret": {
"anyOf": [
{
"type": "object",
"properties": {
"env": {
"type": "string",
"description": "The name of the environment variable that contains the token."
}
},
"required": [
"env"
],
"additionalProperties": false
},
{
"type": "object",
"properties": {
"googleCloudSecret": {
"type": "string",
"description": "The resource name of a Google Cloud secret. Must be in the format `projects/<project-id>/secrets/<secret-name>/versions/<version-id>`. See https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets"
}
},
"required": [
"googleCloudSecret"
],
"additionalProperties": false
}
]
},
"accountLinkingRequired": {
"type": "boolean",
"default": false
}
},
"required": [
"provider",
"purpose",
"clientId",
"clientSecret"
]
},
"AuthentikIdentityProviderConfig": {
"type": "object",
"additionalProperties": false,
Expand Down Expand Up @@ -1511,6 +1596,91 @@
"clientSecret",
"issuer"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"provider": {
"const": "bitbucket-cloud"
},
"purpose": {
"enum": [
"sso",
"account_linking"
]
},
"clientId": {
"anyOf": [
{
"type": "object",
"properties": {
"env": {
"type": "string",
"description": "The name of the environment variable that contains the token."
}
},
"required": [
"env"
],
"additionalProperties": false
},
{
"type": "object",
"properties": {
"googleCloudSecret": {
"type": "string",
"description": "The resource name of a Google Cloud secret. Must be in the format `projects/<project-id>/secrets/<secret-name>/versions/<version-id>`. See https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets"
}
},
"required": [
"googleCloudSecret"
],
"additionalProperties": false
}
]
},
"clientSecret": {
"anyOf": [
{
"type": "object",
"properties": {
"env": {
"type": "string",
"description": "The name of the environment variable that contains the token."
}
},
"required": [
"env"
],
"additionalProperties": false
},
{
"type": "object",
"properties": {
"googleCloudSecret": {
"type": "string",
"description": "The resource name of a Google Cloud secret. Must be in the format `projects/<project-id>/secrets/<secret-name>/versions/<version-id>`. See https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets"
}
},
"required": [
"googleCloudSecret"
],
"additionalProperties": false
}
]
},
"accountLinkingRequired": {
"type": "boolean",
"default": false
}
},
"required": [
"provider",
"purpose",
"clientId",
"clientSecret"
]
}
]
}
Expand Down
Loading