Bitbucket Forge lint error when using "allowImpersonation" in manifest

UlrichKuhnhardtIzym1 · July 1, 2025, 2:30am

I want to use user impersonation for a bitbucket forge app like
api.asUser(accountId).requestBitbucket(...) as per documentation.
I have updated manifest.yml accordingly

permissions:
  scopes:
    - read:repository:bitbucket:
        allowImpersonation: true
    - write:repository:bitbucket:
        allowImpersonation: true
    - admin:repository:bitbucket: {}
    - delete:repository:bitbucket: {}
    - read:pullrequest:bitbucket:
        allowImpersonation: true
    - write:pullrequest:bitbucket:
        allowImpersonation: true
    - read:project:bitbucket: {}
    - admin:project:bitbucket: {}
    - read:workspace:bitbucket: {}
    - read:user:bitbucket: {}
    - read:app-system-token: {}
    - read:permission:bitbucket: {}

I get forge (v 12.0.0) lint errors

forge-uikit/src/triggers/index.js
7:63    error    Bitbucket endpoint: GET /workspaces/{workspace}/permissions requires "read:workspace:bitbucket" scope  permission-scope-required

10:4    error    Bitbucket endpoint: POST /repositories/{workspace}/{repo_slug}/pullrequests/{pull_request_id}/merge requires "read:pullrequest:bitbucket" scope  permission-scope-required

10:4    error    Bitbucket endpoint: POST /repositories/{workspace}/{repo_slug}/pullrequests/{pull_request_id}/merge requires "write:pullrequest:bitbucket" scope  permission-scope-required

forge-uikit/manifest.yml
1:0     error    permissions property scopes must be string  valid-document-required

1:0     error    permissions property scopes must be object  valid-document-required

1:0     error    permissions property scopes required properties are   valid-document-required

Is this manifest with allowImpersonation incorrect?

RhiannonGray · July 1, 2025, 5:10am

I have a working Confluence app that uses impersonation, and my manifest looks like:

...
permissions:
  scopes:
    read:page:confluence: {}
    read:space:confluence: {}
    read:confluence-content.summary: {}
    read:confluence-content.all: {}
    read:attachment:confluence: {}
    write:confluence-content:
      allowImpersonation: true
    write:page:confluence:
      allowImpersonation: true
    write:confluence-file:
      allowImpersonation: true
...

Might be worth trying something like that instead?

UlrichKuhnhardtIzym1 · July 2, 2025, 6:31am

Thanks @RhiannonGray - changing the scope format from list to object literal (in order to use allowImpersonation or {} does the trick.

  scopes:
    read:repository:bitbucket:
      allowImpersonation: true
    write:repository:bitbucket:
      allowImpersonation: true
    admin:repository:bitbucket: {}