Details
Suggestion
Resolution: Unresolved
Description
Problem Definition
At the moment, the Repositories: Read OAuth permission grants read access to both a repository's commits and its source code.
Add-ons developed for Bitbucket Cloud may only need commit information to work. However, when installed on a workspace, they also gain read access to the repositories' source code. This may be undesirable for end users who want to use a Bitbucket add-on without granting it source code access it does not need.
Suggested Solution
Provide more granular OAuth permissions for 'Repositories', e.g. separate permissions for commits, source, etc.
This way, add-on developers can restrict the add-on's permissions, e.g. to commits only, providing better security.