I was using BB Cloud’s Oauth implicit grant method in my electron app for authenticating app to fetch the details of my repositories.
It stopped working recently.
Reference link of implicit grant method Bitbucket
I noticed that even if I directly open login page in app browser its not working.
https://id.atlassian.com/login
Here is the code example:
let win = new remote.BrowserWindow({ width: 800, height: 600, show:false, webPreferences: {sandbox: true, }});
win.loadURL('https://id.atlassian.com/login'); // even this is not working
Just to elaborate more on to investigation I did
there is a redirect happens for authorization when you try to open
https://bitbucket.org/site/oauth2/authorize?client_id={client_id}&response_type=token
it redirects to id.atlassian.com
. Something like below
https://id.atlassian.com/login?application=bitbucket&continue=https%3A%2F%2Fbitbucket.org%2Faccount%2Fsignin%2F%3Fnext%3D%252Fsite%252Foauth2%252Fauthorize%253Fclient_id%{client_id}%2526response_type%253Dtoken%26redirectCount%3D1
Now this redirection was working before and the loading of login page was working before, but it stopped suddenly in Feb’23.
I am seeing this in app browser
My question is that, is this not supported anymore into in-app browsers? Has there any change happened on id.atlassian.com
?
I am seeking ways to mitigate it, by maintaining same user experience.
I haven’t tried, but I think the workaround is to navigate user to the actual browser instead of in-app browser to authorize (where id.atlassian.com is not restricted and works) and then via redirect url (via auth customer configuration in Bitbucket), return the user back to the app to authenticate the app for further processing.
But is there any way to maintain the same user experience(not navigating user to outside browser) by changing any configuration anywhere?
Hope it describes the situation.