  1. Bitbucket Cloud
  2. BCLOUD-21329

More granular scopes for OAuth Repository permissions

Details

    Description

      Problem Definition

      At the moment, the Repositories: Read permission for OAuth gives read access to both the commits of a repository and its source code.

      Add-ons developed for Bitbucket Cloud may only need commit information to work. However, when installed on a certain workspace, they also gain read access to the repos' source code. This may not be desirable to end users who want to use a certain Bitbucket add-on without granting it source code access when that access is not needed.

      Suggested Solution

      Provide more granular OAuth permissions for 'Repositories', e.g. separate permissions for commits, source, etc.
      This way, developers of add-ons can restrict the add-on permissions e.g. to commits only, providing better security.

          People

            Unassigned
            Theodora Boudale (tboudale)
            Votes: 3
            Watchers: 4
