Bitbucket PostReceiveHook Issue Creation

Bitbucket Development
1

Hi,

I am building a plugin which is supposed to create issues depending on the commit message.
The filtering that I am doing is working fine, now I come to the hard part.

public class TodoDetectingCallback implements RepositoryHookCommitCallback {

    private static final Logger log = LoggerFactory.getLogger(TodoDetectingCallback.class);

    private final Repository repository;
    private final Map<String, RefChange> refChangeById;

    public TodoDetectingCallback(Repository repository, Map<String, RefChange> refChangeById) {
        this.repository = repository;
        this.refChangeById = refChangeById;
    }

    @Override
    public boolean  onCommitAdded(@Nonnull CommitAddedDetails commitDetails) {
        try {
            List<Issue> commitIssues  = getIssuesFromCommit(commitDetails.getCommit());
            for (Issue i : commitIssues){
               // create Issue in JIRA here
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
        return true;
    }

}

I know that it’s possible to communicate with other apps if they are linked via an ApplicationLink. I kind of pieced that together using a well known Bitbucket Plugin ‘Yet another commit checker’ and took a look at the JiraServiceImpl Class in there:
JiraServiceImpl.java

From what I can get these lines are what enable communicating with the JIRA instance:

 ApplicationLinkRequest req = link.createAuthenticatedRequestFactory()
                        .createRequest(Request.MethodType.POST, "/rest/api/2/search");

The link in this method is a ReadOnlyApplicationLink which I assume would not work with creating issues, which means I have to perform some sort of authentication. I already googled around and the REST interface accepts an authentication header with the base64 encoded user:pw. For the hook this is not an option. So I went on and apperantly you can also use OAuth for authentication as well as impersonation. My question is how would you do that?

Another problem I do not understand is how is the ApplicationLinkService wired to the JiraServiceImpl? I assumed it had something to do with the atlassian-plugin.xml and the component imports there:
atlassian-plugin.xml
But when I try to replicate the usage of the component-import I get the error:
atlassian-plugin.xml contains a definition of component-import. This is not allowed when Atlassian-Plugin-Key is set

So I again googled around and found out that now you are supposed to do that with spring scanner annotations - can anybody confirm this?