I am developing a Bitbucket app that is handling installations from different sources. One thing I do not understand is how I can authenticate users using the Bitbucket app.
Scenario:
- My user clicks on http://mybitbucketinstallation.com/oauth/client=XXX&redirect_uri=https://bitbucketapp.com
- The backend on bitbucket.app.com sends a request to get a token on mybitbucketinstallation.com
- If a token is received, I authenticate the user
What is missing is step 2: how do I know the host (mybitbucketinstallation.com) that I should contact?
That way, I could keep a single flow to authenticate all users from all Bitbucket installations in my app.
An alternative way would be to require each installation to register an OAuth consumer. That would definitively defeat the purpose of having an app that handles multiple installations and I am sure there is a better way to do this.
Any guidance as to how to proceed?