OAuth authentication on external installations for Bitbucket App

I am developing a Bitbucket app that is handling installations from different sources. One thing I do not understand is how I can authenticate users using the Bitbucket app.

Scenario:

  1. My user clicks on http://mybitbucketinstallation.com/oauth/client=XXX&redirect_uri=https://bitbucketapp.com
  2. The backend on bitbucket.app.com sends a request to get a token on mybitbucketinstallation.com
  3. If a token is received, I authenticate the user

What is missing is step 2: how do I know the host (mybitbucketinstallation.com) that I should contact?

That way, I could keep a single flow to authenticate all users from all Bitbucket installations in my app.

An alternative way would be to require each installation to register an OAuth consumer. That would definitely defeat the purpose of having an app that handles multiple installations, and I am sure there is a better way to do this.

Any guidance as to how to proceed?

We list the different ways you can authenticate users here: OAuth 2.0. It seems like you want the first option.

However, I’d recommend developing your Bitbucket app with Atlassian Connect instead. Here are some helpful pages:

Thanks for your answer.

The problem with Atlassian Connect is that it forces you to use a language and framework, which cannot work for everybody and all use cases, and that is why having an API (REST, webhook) clearly documented (as GitHub does, for example) would help. I tried to use other languages and frameworks, but they seem outdated and force you to reverse-engineer the Node app, which takes a significant amount of time.
