feat(web): add Bitbucket Server (Data Center) SSO identity provider #934
brendan-kellam merged 5 commits into main
Adds `bitbucket-server` as a custom OAuth 2.0 SSO identity provider for self-hosted Bitbucket Server / Data Center instances. Uses a two-step userinfo fetch (whoami → user profile API) and client_secret_post for token exchange, as required by Bitbucket Server's OAuth 2.0 implementation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Caution: Review failed. The pull request is closed.

ℹ️ Recent review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)

Walkthrough

Adds Bitbucket Server (Data Center) OAuth 2.0 SSO support by introducing a new provider type
Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant User as User
    participant App as Sourcebot App
    participant Auth as Bitbucket Server (Auth)
    participant API as Bitbucket Server (API)
    User->>App: Click "Sign in with Bitbucket Server"
    App->>Auth: Redirect to authorization endpoint (client_id, redirect_uri, scope, state)
    Auth->>User: Prompt for consent
    User->>Auth: Grant access
    Auth-->>App: Redirect back with code
    App->>Auth: POST token exchange (code, client_secret)
    Auth-->>App: Return access_token / refresh_token
    App->>API: GET userinfo using access_token
    API-->>App: Return user profile
    App->>App: Map profile to identity, create session
    App-->>User: Redirect to application (authenticated)
```
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~25 minutes
🚥 Pre-merge checks: ✅ Passed checks (3 passed)
Actionable comments posted: 1
♻️ Duplicate comments (1)
packages/schemas/src/v3/identityProvider.schema.ts (1)
914-921: Generated schema reflects the same `baseUrl` format gap. This is the same issue already noted in the JSON schema source; fix there and regenerate to keep artifacts aligned.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/schemas/src/v3/identityProvider.schema.ts` around lines 914 - 921, The generated schema's "baseUrl" property uses an incorrect/overly permissive regex in identityProvider.schema.ts; update the source JSON schema (the original schema definition that defines the "baseUrl" property's "pattern") to the correct URL pattern (fix the pattern value for the "baseUrl" property) and then regenerate the TypeScript artifacts so identityProvider.schema.ts is regenerated with the corrected "baseUrl" pattern.
🧹 Nitpick comments (2)
schemas/v3/identityProvider.json (1)
235-240: Add `format` validation to `baseUrl` for schema consistency.
Line 235 defines `baseUrl` without a `format`, while other URL-based provider fields in this schema include one. Adding it improves consistency and tooling validation.
♻️ Suggested schema tweak
"baseUrl": { "type": "string", + "format": "url", "description": "The URL of the Bitbucket Server/Data Center host.", "examples": ["https://bitbucket.example.com"], "pattern": "^https?:\\/\\/[^\\s/$.?#].[^\\s]*$" }🤖 Prompt for AI Agents
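Review bot: the added line `+ "format": "url"` disagrees with the prompt text for this same finding, which asks for `"format": "uri"` on `baseUrl`. Settle on one value, the one the other URL-based provider fields in this schema already use, so that the source schema and the regenerated artifacts stay aligned. Separately, the unchanged `pattern` line begins with `^https?`, so a plain `http://` host passes validation for the endpoint that receives the client secret during token exchange; if that is intended for test instances, say so in the `description`.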
Verify each finding against the current code and only fix it if needed. In `@schemas/v3/identityProvider.json` around lines 235 - 240, The baseUrl property in the identityProvider schema is missing a format and should include one for consistency with other URL fields; update the "baseUrl" JSON schema entry (the property named "baseUrl") to add "format": "uri" alongside the existing "type", "description", "examples", and "pattern" so tooling/validators recognize it as a URL while preserving the existing pattern.

docs/snippets/schemas/v3/index.schema.mdx (1)
5455-5462: Add `format: "url"` to `baseUrl` for schema consistency.
Line 5456 and Line 6383 define URL fields without `format: "url"`, unlike other host URL fields in this schema. Pattern validation exists, but adding `format` improves consistency and editor/schema tooling support.
Suggested diff
"baseUrl": { "type": "string", + "format": "url", "description": "The URL of the Bitbucket Server/Data Center host.", "examples": [ "https://bitbucket.example.com" ], "pattern": "^https?:\\/\\/[^\\s/$.?#].[^\\s]*$" }"baseUrl": { "type": "string", + "format": "url", "description": "The URL of the Bitbucket Server/Data Center host.", "examples": [ "https://bitbucket.example.com" ], "pattern": "^https?:\\/\\/[^\\s/$.?#].[^\\s]*$" }Also applies to: 6382-6389
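Review bot: the unchanged `pattern` context line in both copies of this diff, `^https?:\\/\\/[^\\s/$.?#].[^\\s]*$`, still accepts a trailing slash, a path, a query string or a fragment after the host, and adding `format` does not tighten that. Because `baseUrl` is used as a prefix for `{baseUrl}/rest/oauth2/latest/token` and the userinfo endpoints, either restrict the pattern to scheme, host and optional port, or normalise the value in code before concatenating. Since this file is a generated documentation snippet, make the change in `schemas/v3/identityProvider.json` and regenerate rather than editing both occurrences here by hand.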
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/snippets/schemas/v3/index.schema.mdx` around lines 5455 - 5462, The schema property "baseUrl" currently has type:string and a pattern but is missing the JSON Schema format; update the "baseUrl" property definitions (the property named baseUrl in this schema and the corresponding baseUrl occurrence around the other section) to include format: "url" in addition to the existing type and pattern so editors and tooling recognize it as a URL and match other host URL fields in the document.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/web/src/ee/features/sso/sso.ts`:
- Around line 279-287: In the request method, harden the userinfo fetches by
adding request timeouts and response-status checks and by URL-encoding the
username before building the profile URL: use an AbortController (or equivalent)
with a short timeout for both the whoami fetch and the profile fetch, check
whoamiRes.ok and profileRes.ok and throw/return a clear error if either is not
OK, derive username via (await whoamiRes.text()).trim() but pass it through
encodeURIComponent before interpolating into
`${baseUrl}/rest/api/1.0/users/${...}`, and ensure any aborted/timed-out fetches
are handled and surfaced rather than allowing hangs or malformed lookups.
📒 Files selected for processing (11)
- CHANGELOG.md
- docs/docs/configuration/idp.mdx
- docs/snippets/schemas/v3/identityProvider.schema.mdx
- docs/snippets/schemas/v3/index.schema.mdx
- packages/schemas/src/v3/identityProvider.schema.ts
- packages/schemas/src/v3/identityProvider.type.ts
- packages/schemas/src/v3/index.schema.ts
- packages/schemas/src/v3/index.type.ts
- packages/web/src/ee/features/sso/sso.ts
- packages/web/src/lib/utils.ts
- schemas/v3/identityProvider.json
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Summary

- `bitbucket-server` as a new OAuth 2.0 SSO identity provider for self-hosted Bitbucket Server / Data Center instances

Details

The provider uses Bitbucket Server's OAuth 2.0 endpoints:

- `{baseUrl}/rest/oauth2/latest/authorize`
- `{baseUrl}/rest/oauth2/latest/token` (with `client_secret_post` auth method)
- `GET {baseUrl}/plugins/servlet/applinks/whoami` → username → `GET {baseUrl}/rest/api/1.0/users/{username}`

Test plan

- `<sourcebot_url>/api/auth/callback/bitbucket-server`
- `config.yaml` with valid credentials
- `providerAccountId` in the database is set to the numeric Bitbucket user ID (not the username)

🤖 Generated with Claude Code
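The two-step userinfo lookup from the PR description, with the hardening the inline review comment asks for (request timeouts, status checks, URL-encoded username), as an added example that is not the code from `sso.ts`. The names `profileUrl`, `getChecked`, `fetchUserinfo` and `stubFetch`, the 5000 ms default and the Bearer header are assumptions made for illustration.

```typescript
// Added example, not Sourcebot's code. Assumption: the access token is sent as a Bearer header.
type Res = { ok: boolean; status: number; text(): Promise<string>; json(): Promise<unknown> };
type FetchLike = (url: string, init: { headers: Record<string, string>; signal: AbortSignal }) => Promise<Res>;

// Build the profile URL; the username must end up as exactly one encoded path segment.
function profileUrl(baseUrl: string, username: string): string {
    const name = username.trim();
    // encodeURIComponent leaves "." and ".." untouched, so reject them explicitly.
    if (name === "" || name === "." || name === "..") throw new Error("unusable username from whoami");
    return `${baseUrl.replace(/\/+$/, "")}/rest/api/1.0/users/${encodeURIComponent(name)}`;
}

// GET with a request timeout and a status check; a timeout surfaces as its own error.
async function getChecked(fetchImpl: FetchLike, url: string, token: string, timeoutMs: number): Promise<Res> {
    const controller = new AbortController();
    const timer = setTimeout(() => controller.abort(), timeoutMs);
    try {
        const res = await fetchImpl(url, { headers: { Authorization: `Bearer ${token}` }, signal: controller.signal });
        if (!res.ok) throw new Error(`GET ${url} failed with HTTP ${res.status}`);
        return res;
    } catch (err) {
        if (controller.signal.aborted) throw new Error(`GET ${url} timed out after ${timeoutMs} ms`);
        throw err;
    } finally {
        clearTimeout(timer);
    }
}

// whoami -> username -> user profile, the two-step lookup from the PR description.
async function fetchUserinfo(fetchImpl: FetchLike, baseUrl: string, token: string, timeoutMs = 5000): Promise<unknown> {
    const root = baseUrl.replace(/\/+$/, "");
    const whoami = await getChecked(fetchImpl, `${root}/plugins/servlet/applinks/whoami`, token, timeoutMs);
    const profile = await getChecked(fetchImpl, profileUrl(root, await whoami.text()), token, timeoutMs);
    return profile.json();
}

// Constructed stub standing in for a Bitbucket Server instance, so the example runs offline.
const stubFetch: FetchLike = async (url) => {
    const body = url.endsWith("/whoami") ? "jane doe\n" : JSON.stringify({ id: 101, name: "jane doe", requested: url });
    return { ok: true, status: 200, text: async () => body, json: async () => JSON.parse(body) };
};
```

In real use the global `fetch` is passed as `fetchImpl`; a failed or timed-out lookup rejects, so the sign-in fails closed instead of hanging or mapping a malformed profile.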