Skip to content

Add OAuth 2.0 authentication support for Bitbucket Cloud #3981

Description

@NickTheDevOpsGuy

What feature do you want to see added?

I would like to request support for OAuth 2.0 authentication with Bitbucket Cloud.

Currently, authentication commonly relies on username/password-style credentials, app passwords, or API tokens. With Bitbucket Cloud moving away from app passwords, it would be valuable for the plugin to support OAuth 2.0 as a first-class authentication method.

Ideally, users could configure a Bitbucket Cloud OAuth consumer/client in Jenkins using a client ID and client secret, and the plugin would handle obtaining and refreshing access tokens as needed.

This would provide a more modern authentication option for Jenkins installations that use the Bitbucket Branch Source Plugin for:

  • Organization folders
  • Multibranch pipelines
  • Repository discovery
  • Branch and pull request discovery
  • Webhook management
  • Bitbucket Cloud API operations

This would be especially useful for enterprise environments where long-lived user-associated credentials are discouraged or being phased out.

Expected behavior:

  1. Configure OAuth 2.0 credentials in Jenkins.
  2. Select those credentials in the Bitbucket Branch Source configuration.
  3. Authenticate to the Bitbucket Cloud API using OAuth 2.0.
  4. Automatically handle access-token expiration and refresh where supported.
  5. Continue to support existing authentication methods for backward compatibility.

Upstream changes

This request is motivated by Bitbucket Cloud authentication changes, including the move away from app passwords toward newer authentication mechanisms such as API tokens and OAuth 2.0.

Relevant upstream documentation and announcements can be provided if needed.

Are you interested in contributing this feature?

Yes. I would be interested in contributing to this feature and helping with implementation and testing.

I am currently reviewing the Bitbucket Branch Source Plugin codebase and would appreciate guidance from the maintainers on the preferred architecture for adding OAuth 2.0 support, particularly around Jenkins credential types, token refresh handling, and integration with the existing Bitbucket Cloud API client.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Fields

    No fields configured for Enhancement.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions