On July 31 2017, we announced deprecation of Oauth 1.0 for Bitbucket Cloud. Some customers are still using these authentication methods. However, on Feb 27, 2026, we’ll be fully retiring support for OAuth 1.0 and implicit grants.
Why we’re making this change
OAuth 1.0 is an older protocol that no longer meets modern security standards. As mentioned previously, we have previously communicated its deprecation in favor of OAuth 2.0 and JWT-based methods. The Implicit Grant flow is also considered insecure because it delivers access tokens directly through the browser. This makes them easier to intercept or expose to malicious scripts.
We’re making these changes to keep your data and integrations secure and compliant with the latest best practices.
What you need to do
If you’re still using OAuth 1.0 with Bitbucket Cloud, please plan to migrate before Feb 27, 2026 using our authentication guide which has full details on how to set this up. Due to best practice recommendations from Oauth 2.0, implicit grants within Bitbucket Cloud will no longer be supported.
After the cutoff date
Once support ends, any requests using OAuth 1.0 or implicit grants will stop working. You’ll need to update your client registration, reissue tokens using the supported method, and adjust your application accordingly.
We know updates like this take time, and we’re here to help. If you have questions or need help migrating, please reach out to our support or developer relations team.
Thanks for helping us keep our platform safe and up to date.