Issue/573 OAuth2 support for Bitbucket DC #607
Conversation
mminns
force-pushed
the
issue/573-OAuth2-support-for-Bitbucket-DC
branch
3 times, most recently
from
e636ce1
to
2b90f17
Compare
|
I'm currently dogfooding this and awaiting some minor tweaks to the OAuth2 support in Bitbucket, once I'm happy it working and the OAuth2 support has been publicly released in Bitbucket I'll open up this PR. |
mminns
force-pushed
the
issue/573-OAuth2-support-for-Bitbucket-DC
branch
from
f62e992
to
2a80e22
Compare
mminns
force-pushed
the
issue/573-OAuth2-support-for-Bitbucket-DC
branch
from
2a80e22
to
13cbcab
Compare
mminns
force-pushed
the
issue/573-OAuth2-support-for-Bitbucket-DC
branch
from
13cbcab
to
d36e9e5
Compare
mminns
force-pushed
the
issue/573-OAuth2-support-for-Bitbucket-DC
branch
from
d36e9e5
to
7ee209c
Compare
|
I've been dogfooding this for a month and I believe its al working. Apologies for the size. A significant chunk is refactoring and tests. Thanks |
mminns
force-pushed
the
issue/573-OAuth2-support-for-Bitbucket-DC
branch
3 times, most recently
from
c14a342
to
c470a10
Compare
src/shared/Atlassian.Bitbucket/DataCenter/BitbucketOAuth2Client.cs
Outdated
Show resolved
Hide resolved
src/shared/Atlassian.Bitbucket/AbstractBitbucketOAuth2Client.cs
Outdated
Show resolved
Hide resolved
src/shared/Atlassian.Bitbucket/AbstractBitbucketOAuth2Client.cs
Outdated
Show resolved
Hide resolved
src/shared/Atlassian.Bitbucket.Tests/BitbucketHostProviderTest.cs
Outdated
Show resolved
Hide resolved
|
Thanks for the feedback, I'll start taking a look this week 👍 |
Thanks so much Mike! We're also working on aligning with the Git project on commit formatting/organization. While you're making your changes, would you mind updating the format/organization of your commits per the guidance in this presentation? (There's also an awesome talk you can watch, but the slides are quicker if you're under time constraints 😊). |
mminns
force-pushed
the
issue/573-OAuth2-support-for-Bitbucket-DC
branch
from
c470a10
to
6982a44
Compare
|
Rebased first 👍 |
|
Also apologies for the surprising number of typos/comments/TODOs etc 😬 |
|
OK, I think I've addressed the issues mentioned above, I'm just working on restructuring the commits. |
|
OK,I think I have a much better structure for the commits. I'm going to dogfood for a couple of days next week before pushing the rebase, fixes and revised commits. Have a good weekend. |
|
Thanks so much for all your efforts here Mike. Take all the time you need to dogfood - I'll keep an eye out for your next push. |
mminns
force-pushed
the
issue/573-OAuth2-support-for-Bitbucket-DC
branch
from
6982a44
to
6b6bec7
Compare
|
I've updated the PR. But please flag anything you think still needs looking at. |
| @@ -65,16 +65,20 @@ public class OAuth2Client : IOAuth2Client | |||
| private readonly Uri _redirectUri; | |||
| private readonly string _clientId; | |||
| private readonly string _clientSecret; | |||
| private readonly ITrace _trace; | |||
| private readonly bool _addAuthHeader; | |||
There was a problem hiding this comment.
This was lost in the refactoring of this PR.
For Bitbucket we don't want to include authentication headers with the OAuth flow requests.
In the original implementation the request methods were overridden so that calls to CreateRequestMessage() could pass addAuthHeader = false.
This got lost.
I've re-instated this behaviour by making it a behaviour set when the OAuth2Client is created
This should be fixed now, my dogfooding is working now. |
|
Hi just checking in to see if there is any timeline for merging this PR? |
+1! We'll plan to go ahead and merge after the links are fixed up. |
|
Thanks for the feedback. I'll address those issues for the start of next week. 👍 |
mminns
force-pushed
the
issue/573-OAuth2-support-for-Bitbucket-DC
branch
from
4e9abf1
to
3ff94e8
Compare
Use the WriteDictionarySecrets() method to safely log the dictionary of data that will be written back to the calling Git process When it is necessary to follow the processing in GCM during a call from Git the GCM_TRACE environment variable can be used to print trace information to standard error, however the ultimate output of GET commands would not be included in this trace information This lack of visibility is especially problematic during multi-stage authentication such as OAuth, adding safe logging of the final output makes it possible to follow the GCM process in realtime from inputs to outputs during Git GET requests
…of Bitbucket DC's OAuth2 implementation The BitbucketAuthentication and BitbucketHostProvider remain the single points of entry to processing authentication for all Bitbucket hosts. Bitbucket DC and Bitbucket Cloud do not share common REST APIs or common OAuth2 implementations. The interface IBitbucketRestApi and abstract class BitbucketOAuth2Client effectively hide the differences in implementation from BitbucketAuthentication and BitbucketHostProvider The interface IBitbucketRestApi and abstract class BitbucketOAuth2Client provide clear extension points to implement OAuth2 support for Bitbucket DC
New implementations of the interface IBitbucketRestApi and abstract class BitbucketOAuth2Client provide client code for interacting with the Bitbucket DC REST API and OAuth2 implementation. Extending the BitbucketRestApiRegistry and OAuth2ClientRegistry to provide these Bitbucket DC implementations when a DC host is detected means BitbucketAuthentication and BitbucketHostProvider remain agnostic about which form of Bitbcuket host they are interacting with Prior to this feature users were limited to using Basic Auth or HTTP Access Tokens to interact securely with a Bitbucket DC instance. OAuth2 provides a better solution for SSO environments
mminns
force-pushed
the
issue/573-OAuth2-support-for-Bitbucket-DC
branch
5 times, most recently
from
d40c543
to
72dcf59
Compare
…ket DC Update docs/environment.md and docs/configuration.md to document the new configuration options for managing Bitbucket DC OAuth2 Client ID and Client Secrets Update docs//bitbucket-development.md to document how to create a test Bitbucket DC environment and OAuth2 setup
mminns
force-pushed
the
issue/573-OAuth2-support-for-Bitbucket-DC
branch
from
72dcf59
to
6c28d76
Compare
|
🤞 😄 |
There was a problem hiding this comment.
🎉 
Great stuff @mminns!
Glad we could get this over the finish line 😁
|
Awesome, thank you. I started messing around with this in 2018 and started looking at it in Git Credential Manager for Windows in 2019 So it's brilliant to finally get it done. Thanks for all your help, @ldennington , @mjcheetham 👏 🙇 |
Changes: - Check for broken links in documentation (#700) - Support macOS `arm64` installs via Homebrew (#798) - Validate installers before publishing (#813) - Auto-generate maintainer away notification issues (#842) - Install dotnet via Jammy feeds on Ubuntu 22.04 and greater (#839) - Access Azure storage account using service principle credentials (#851) - Update documentation to use reference-style links (#680) - Unify documentation line length (#862) - Add generic username/password UI (#871) - Bitbucket DC OAuth support (#607) - Distribute GCM as a dotnet tool (#886) - Drop `-core` suffix from entry executable #551 - Speed up build graph (#924)
This comment has been minimized.
This comment has been minimized.
1 similar comment
This comment has been minimized.
This comment has been minimized.
(Bloody Hell it works.)
Bitbucket DC 7.20 now supports OAuth 2.0 connections from external applications.
https://confluence.atlassian.com/bitbucketserver/bitbucket-data-center-and-server-7-20-release-notes-1101934428.html
This means OAuth 2.0 access_tokens can be used as authentication between Git and Bitbucket DC.
The PR refactors the Bitbucket module provide a more generic framework for supporting OAuth 2.0 and providing implementations for both Bitbucket Cloud and Bitbucket DC as they are unfortunately not exactly the same.
Because each Bitbucket DC installation is a unique instance the OAuth 2.0 ClientId and ClientSecret are unique to each installation and therefore GCM must be configured to support each Bitbucket DC instance.
Documentation is updated to describe how to configure and use the feature.
Tests are extended to cover Bitbucket DC.
I've been dogfooding it for the last month.