More granular scopes for OAuth Repository permissions


      Problem Definition

      At the moment, the Repositories: Read permission for OAuth gives read access to both the commits of a repository and its source code.

      Add-ons developed for Bitbucket Cloud may only need commit information to work. However, when installed on a certain workspace, they also gain read access to the repos' source code. This may not be desirable for end users who want to use a certain Bitbucket add-on without granting it source code access when that access is not needed.

      Suggested Solution

      Provide more granular OAuth permissions for 'Repositories', e.g. separate permissions for commits, source, etc.
      This way, developers of add-ons can restrict the add-on permissions e.g. to commits only, providing better security.

            Assignee:
            Unassigned
            Reporter:
            Theodora Boudale (Inactive)
            Votes:
            3
            Watchers:
            4
