Uploaded image for project: 'Bitbucket Cloud'
  1. Bitbucket Cloud
  2. BCLOUD-21329

More granular scopes for OAuth Repository permissions

XMLWordPrintable

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Definition

      At the moment, the Repositories : Read permissions for OAuth gives Read access to both commits of a repository as well as its source code.

      Add-ons developed for Bitbucket Cloud may only need commits information to work. However, when installed on a certain workspace, they also gain read access to repos' source code as well. This may not be desirable by end-users who want to use a certain Bitbucket add-on, but without granting source code access to the add-on when it is not needed.

      Suggested Solution

      Provide more granular OAuth permissions for 'Repositories', e.g. separate permissions for commits, source, etc.
      This way, developers of add-ons can restrict the add-on permissions e.g. to commits only, providing better security.

              Unassigned Unassigned
              tboudale Theodora Boudale (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: