Skip to content

feat(web): add Bitbucket Server (Data Center) SSO identity provider #934

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
brendan-kellam merged 5 commits into from
Feb 25, 2026
Merged

feat(web): add Bitbucket Server (Data Center) SSO identity provider #934

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
6f3ec43
feat(web): add Bitbucket Server (Data Center) SSO identity provider
brendan-kellam Feb 24, 2026
764147f
chore: update CHANGELOG for #934
brendan-kellam Feb 24, 2026
e1ecf25
Update packages/web/src/ee/features/sso/sso.ts
brendan-kellam Feb 25, 2026
fb4a343
Merge branch 'main' into brendan/bitbucket-server-sso
brendan-kellam Feb 25, 2026
0cc09c1
nit
brendan-kellam Feb 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Added permission syncing support for Bitbucket Cloud. [#925](https://github.com/sourcebot-dev/sourcebot/pull/925)
- Added `wa_user_created` PostHog event fired on successful user sign-up. [#933](https://github.com/sourcebot-dev/sourcebot/pull/933)
- Added `wa_askgh_login_wall_prompted` PostHog event fired when an unauthenticated user attempts to ask a question on Ask GitHub. [#933](https://github.com/sourcebot-dev/sourcebot/pull/933)
- Added Bitbucket Server (Data Center) OAuth 2.0 SSO identity provider support (`provider: "bitbucket-server"`). [#934](https://github.com/sourcebot-dev/sourcebot/pull/934)

### Changed
- Hide version upgrade toast for askgithub deployment (`EXPERIMENT_ASK_GH_ENABLED`). [#931](https://github.com/sourcebot-dev/sourcebot/pull/931)
Expand Down
45 changes: 45 additions & 0 deletions docs/docs/configuration/idp.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -218,6 +218,51 @@ in the Bitbucket Cloud identity provider config.
</Accordion>


### Bitbucket Server

A Bitbucket Server (Data Center) connection can be used for [authentication](/docs/configuration/auth).

<Accordion title="instructions">
<Steps>
<Step title="Register an OAuth 2.0 Application">
To begin, you must register an OAuth 2.0 application in your Bitbucket Server instance to facilitate the identity provider connection.

In your Bitbucket Server admin panel, navigate to **Administration → Application Links** and create a new incoming external application link.

When configuring your application:
- Set the redirect URL to `<sourcebot_url>/api/auth/callback/bitbucket-server` (ex. https://sourcebot.coolcorp.com/api/auth/callback/bitbucket-server)

The result of creating the application is a `CLIENT_ID` and `CLIENT_SECRET` which you'll provide to Sourcebot.
</Step>
<Step title="Define environment variables">
To provide Sourcebot the client id and secret for your OAuth application you must set them as environment variables. These can be named whatever you like
(ex. `BITBUCKET_SERVER_IDENTITY_PROVIDER_CLIENT_ID` and `BITBUCKET_SERVER_IDENTITY_PROVIDER_CLIENT_SECRET`)
</Step>
<Step title="Define the identity provider config">
Finally, pass the client id, client secret, and your Bitbucket Server base URL to Sourcebot by defining a `identityProvider` object in the [config file](/docs/configuration/config-file):

```json wrap icon="code"
{
"$schema": "https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/schemas/v3/index.json",
"identityProviders": [
{
"provider": "bitbucket-server",
"purpose": "sso",
"baseUrl": "https://bitbucket.example.com",
"clientId": {
"env": "YOUR_CLIENT_ID_ENV_VAR"
},
"clientSecret": {
"env": "YOUR_CLIENT_SECRET_ENV_VAR"
}
}
]
}
```
</Step>
</Steps>
</Accordion>

### Google

[Auth.js Google Provider Docs](https://authjs.dev/getting-started/providers/google)
Expand Down
174 changes: 174 additions & 0 deletions docs/snippets/schemas/v3/identityProvider.schema.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -841,6 +841,93 @@
"clientSecret",
"issuer"
]
},
"BitbucketServerIdentityProviderConfig": {
"type": "object",
"additionalProperties": false,
"properties": {
"provider": {
"const": "bitbucket-server"
},
"purpose": {
"const": "sso"
},
"clientId": {
"anyOf": [
{
"type": "object",
"properties": {
"env": {
"type": "string",
"description": "The name of the environment variable that contains the token."
}
},
"required": [
"env"
],
"additionalProperties": false
},
{
"type": "object",
"properties": {
"googleCloudSecret": {
"type": "string",
"description": "The resource name of a Google Cloud secret. Must be in the format `projects/<project-id>/secrets/<secret-name>/versions/<version-id>`. See https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets"
}
},
"required": [
"googleCloudSecret"
],
"additionalProperties": false
}
]
},
"clientSecret": {
"anyOf": [
{
"type": "object",
"properties": {
"env": {
"type": "string",
"description": "The name of the environment variable that contains the token."
}
},
"required": [
"env"
],
"additionalProperties": false
},
{
"type": "object",
"properties": {
"googleCloudSecret": {
"type": "string",
"description": "The resource name of a Google Cloud secret. Must be in the format `projects/<project-id>/secrets/<secret-name>/versions/<version-id>`. See https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets"
}
},
"required": [
"googleCloudSecret"
],
"additionalProperties": false
}
]
},
"baseUrl": {
"type": "string",
"description": "The URL of the Bitbucket Server/Data Center host.",
"examples": [
"https://bitbucket.example.com"
],
"pattern": "^https?:\\/\\/[^\\s/$.?#].[^\\s]*$"
}
},
"required": [
"provider",
"purpose",
"clientId",
"clientSecret",
"baseUrl"
]
}
},
"oneOf": [
Expand Down Expand Up @@ -1681,6 +1768,93 @@
"clientId",
"clientSecret"
]
},
{
"type": "object",
"additionalProperties": false,
"properties": {
"provider": {
"const": "bitbucket-server"
},
"purpose": {
"const": "sso"
},
"clientId": {
"anyOf": [
{
"type": "object",
"properties": {
"env": {
"type": "string",
"description": "The name of the environment variable that contains the token."
}
},
"required": [
"env"
],
"additionalProperties": false
},
{
"type": "object",
"properties": {
"googleCloudSecret": {
"type": "string",
"description": "The resource name of a Google Cloud secret. Must be in the format `projects/<project-id>/secrets/<secret-name>/versions/<version-id>`. See https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets"
}
},
"required": [
"googleCloudSecret"
],
"additionalProperties": false
}
]
},
"clientSecret": {
"anyOf": [
{
"type": "object",
"properties": {
"env": {
"type": "string",
"description": "The name of the environment variable that contains the token."
}
},
"required": [
"env"
],
"additionalProperties": false
},
{
"type": "object",
"properties": {
"googleCloudSecret": {
"type": "string",
"description": "The resource name of a Google Cloud secret. Must be in the format `projects/<project-id>/secrets/<secret-name>/versions/<version-id>`. See https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets"
}
},
"required": [
"googleCloudSecret"
],
"additionalProperties": false
}
]
},
"baseUrl": {
"type": "string",
"description": "The URL of the Bitbucket Server/Data Center host.",
"examples": [
"https://bitbucket.example.com"
],
"pattern": "^https?:\\/\\/[^\\s/$.?#].[^\\s]*$"
}
},
"required": [
"provider",
"purpose",
"clientId",
"clientSecret",
"baseUrl"
]
}
]
}
Expand Down
Loading