Bitbucket Authentication for SonarQube
Branch: master
Clone or download

Bitbucket Authentication Plugin for SonarQube

Build Status Quality gate Coverage

This plugin enables user authentication via Bitbucket. Both Bitbucket Cloud and Bitbucket Enterprise (Server/Data Center) are supported.

If you want to analyse Bitbucket Pull Requests you should use this or this plugin.


Plugin Requires SonarQube Features
1.0 6.7 or greater Authentication, Single Sign-On
1.1 7.2 or greater Support of Bitbucket Enterprise (buggy, see AUTHBB-1), team restriction, account renaming


  1. Install the plugin through the Marketplace or download it into the SONARQUBE_HOME/extensions/plugins directory
  2. Restart the SonarQube server


  1. In Bitbucket, create a OAuth consumer:
    • Click on your account avatar in the bottom left corner and select Settings.
    • Click on "Access Management" -> "OAuth consumers" -> "Add consumer"
    • Name : Something like "My SonarQube"
    • URL : the SonarQube base URL, for example http://my_server
    • Callback URL : the SonarQube base URL suffixed with /oauth2/callback, for example http://my_server/oauth2/callback
    • Permissions : Check "Account -> Read" (Email will be automatically selected)
    • Save. The generated key and secret are displayed when selecting the consumer.
  2. In SonarQube:
    • Go to "Administration" -> "Configuration" -> "General Settings" -> "Security" -> "Bitbucket"
    • Set "Enabled" to true
    • Set "OAuth consumer key" with the key generated by the Bitbucket OAuth consumer
    • Set "OAuth consumer secret" with the secret provided by the Bitbucket OAuth consumer
  3. Open the login form, a new button "Log in with Bitbucket" allow users to connect to SonarQube with their Bitbucket account.

Note: enabling HTTPS is recommended

  • SonarQube should be publicly accessible through HTTPS
  • Set the SonarQube property "Administration" -> "Configuration" -> "General" -> "Server base URL", for example https://my_server
  • Use https:// URLs in settings of OAuth consumer in Bitbucket.

General Configuration

Property Description Default value
Enabled Enable Bitbucket users to login. Value is ignored if consumer Key and Secret are not defined. false
Allow users to sign-up Allow new users to authenticate. When set to 'false', only existing users will be able to authenticate. true
OAuth consumer key Consumer Key provided by Bitbucket when registering the consumer None
OAuth consumer secret Consumer password provided by Bitbucket when registering the consumer None
Bitbucket API URL Base URL of the Bitbucket server. Used to connect to Bitbucket Enterprise. Buggy. See AUTHBB-1
Teams Users must be members of at least one team in order to be able to authenticate. None (team restriction is disabled)
Login generation strategy When the login strategy is set to 'Unique', the user's login will be auto-generated the first time so that it is unique. When the login strategy is set to 'Same as Bitbucket login', the user's login will be the Bitbucket login. This last strategy allows, when changing the authentication provider, to keep existing users (if logins from new provider are the same than Bitbucket) Unique

Have question or feedback?

To ask questions or provide feedback (request a feature, report a bug etc.), use the SonarSource forum with the tag bitbucket. Please do not forget to specify versions of plugin and SonarQube if the question relates to a bug.



Copyright 2016-2018 SonarSource.

Licensed under the GNU Lesser General Public License, Version 3.0