BitBucket OAuth integration

Martijn Verburg martijnverburg at
Thu Apr 30 10:13:04 UTC 2015

Hi Enrico,

See if you can try cookies to start with, we've used someting similar at
jClarity - Angular's docs on this are here:


On 30 April 2015 at 08:23, Will May <will.j.may at> wrote:

> Hi Enrico,
> I've found the easiest way to deal with GitHub/Bitbucket integration is to
> open an new window for authentication and then have the redirect page be a
> small piece of JavaScript which will run another piece of JavaScript in the
> parent window that will close the other window and use the newly acquired
> authentication. The only problem with this approach is that you need to get
> the URLs to call up front as if the new window is being popped up in an
> action initiated by the user (e.g. handling a response from the server)
> then the browser will block the popup.
> Cheers,
> Will.
> On Thu, Apr 30, 2015 at 12:04 AM, Enrico Pelizzon <
> enrico.pelizzon at
> > wrote:
> > Hi all,
> > On Saturday, during the last Hack the Tower event, me and Edward started
> > working on allowing the users to login in betterev using their BitBucket
> > account.
> > We spent quite a lot of time on it (I guess mainly because of the lack of
> > experience with OAuth, or because of OAuth itself).
> > In either case, we couldn't complete the task.
> >
> > I was having a look at it today and I'm having troubles with it, so I was
> > wondering if someone from the community could give me a hint.
> >
> > Basically, what I'm having problems with is regarding how to store the
> > information regarding the authentication process. Since we're dealing
> with
> > a Angular single page web application that queries RESTful endpoints,
> > storing the information in a session on the server is not an option.
> > Looking around it seems like the available options are pretty much two:
> use
> > cookies as means of storage, or use the sessionStorage/localStorage from
> > HTML5. Any idea about which is the preferred way to deal with this?
> >
> > At the moment I tried having an endpoint that retrieves a request token
> > from bitbucket, sends back to the UI the generated authorization url
> along
> > with the token secret (needed to later request an access token, how do we
> > store this? cookie?). The UI then redirects the user to the retrieved
> > authentication url, the user grants the permission and gets redirected
> back
> > to the callback endpoint that retrieves the access token using the token,
> > the verifier, and the secret (same one we retrieved previously). This
> > endpoint should then redirect the user back to the homepage and provide
> the
> > UI the access token in some way.
> >
> > That's pretty much where I'm stuck. :-)
> >
> > Any suggestion would be really appreciated!
> >
> > Thanks!
> > Enrico
> >

More information about the adoption-discuss mailing list