  1. Bitbucket Server
  2. BSERV-10455

Ability to drop Basic Authentication and only use personal tokens



    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.



      Recently we have installed Jira, Confluence (both server) and Bitbucket Data Center (5.2.2) at a client.
      Zooming in on Bitbucket, we are using a PostgreSQL server which is shared between the other applications. The same goes for the file server. Our install directories are on the server disk and our home directory is mounted on the file server. Furthermore, we are using the SSO plugin from resolution. So users coming via the GUI will be redirected to the IdP, and REST API calls are not. (See picture below for an overview.)
      SSH traffic (Git operations) is also immediately forwarded to Bitbucket. We do not allow HTTPS cloning. Preferably, we don't want to allow Basic Authentication at all. The new version of Bitbucket sounded like a good solution (with personal tokens), but I talked to Ada Chen (Atlassian) and she told us that we cannot disable basic authentication. And I also heard that personal tokens are not coming to Jira and Confluence (which. From a security perspective it would be great to be able to disable basic authentication and use personal tokens instead (for REST API calls) for all Atlassian applications.

      Kind regards
      Rudy Holtkamp (TMC)
      This ticket has been created at the request of Tiago Vitorino (tvitorino@atlassian.com)

