BitBucket OAuth integration

Will May will.j.may at
Thu Apr 30 07:23:23 UTC 2015

Hi Enrico,

I've found the easiest way to deal with GitHub/Bitbucket integration is to
open an new window for authentication and then have the redirect page be a
small piece of JavaScript which will run another piece of JavaScript in the
parent window that will close the other window and use the newly acquired
authentication. The only problem with this approach is that you need to get
the URLs to call up front as if the new window is being popped up in an
action initiated by the user (e.g. handling a response from the server)
then the browser will block the popup.



On Thu, Apr 30, 2015 at 12:04 AM, Enrico Pelizzon <enrico.pelizzon at
> wrote:

> Hi all,
> On Saturday, during the last Hack the Tower event, me and Edward started
> working on allowing the users to login in betterev using their BitBucket
> account.
> We spent quite a lot of time on it (I guess mainly because of the lack of
> experience with OAuth, or because of OAuth itself).
> In either case, we couldn't complete the task.
> I was having a look at it today and I'm having troubles with it, so I was
> wondering if someone from the community could give me a hint.
> Basically, what I'm having problems with is regarding how to store the
> information regarding the authentication process. Since we're dealing with
> a Angular single page web application that queries RESTful endpoints,
> storing the information in a session on the server is not an option.
> Looking around it seems like the available options are pretty much two: use
> cookies as means of storage, or use the sessionStorage/localStorage from
> HTML5. Any idea about which is the preferred way to deal with this?
> At the moment I tried having an endpoint that retrieves a request token
> from bitbucket, sends back to the UI the generated authorization url along
> with the token secret (needed to later request an access token, how do we
> store this? cookie?). The UI then redirects the user to the retrieved
> authentication url, the user grants the permission and gets redirected back
> to the callback endpoint that retrieves the access token using the token,
> the verifier, and the secret (same one we retrieved previously). This
> endpoint should then redirect the user back to the homepage and provide the
> UI the access token in some way.
> That's pretty much where I'm stuck. :-)
> Any suggestion would be really appreciated!
> Thanks!
> Enrico

More information about the adoption-discuss mailing list