YouTrack Standalone 2021.2 Help

Bitbucket Cloud Auth Module

The Bitbucket Cloud authentication module is a pre-configured OAuth 2.0 auth module that lets users log in to YouTrack with their Bitbucket Cloud credentials.

Enable Bitbucket Clout Authentication

To allow users with existing accounts in Bitbucket Cloud to log in to YouTrack, enable the authentication module.

This procedure takes place in three steps:

  1. Generate a Redirect URI in YouTrack. When you create an authentication module, YouTrack generates a redirect URI to use with the authorization service. This URI identifies the source of each login request.

  2. Generate a Client ID and Secret in the authorization service. Every login request sent from YouTrack includes a unique identifier. The ID and secret you store in the authentication module tell the Bitbucket Cloud authorization service that each login request is authorized.

  3. Enable the Auth Module in YouTrack. When you have generated the information YouTrack uses to authenticate with the Bitbucket Cloud authorization service, copy the values into YouTrack and enable the module.

Generate a Redirect URI in YouTrack

To get started, open YouTrack and create an authentication module for Bitbucket accounts. When you create the authentication module, YouTrack generates a redirect URI to use with the authorization service.

To generate a redirect URI in YouTrack:

  1. From the Administration menu, select Access Management > Auth Modules.

  2. From the New Module drop-down list, select Bitbucket Cloud.

    • The Auth Modules page displays the settings for a new Bitbucket Cloud authentication module.

    • YouTrack generates a redirect URI for you to use in the authorization service.

    Bitbucket auth redirect uri
  3. If the feature is supported by your browser, use the Copy button to copy the redirect URI to your clipboard.

Generate a Client ID and Secret

The next step is to register the authorized redirect URI for YouTrack in Bitbucket Cloud.

To get a Client ID and Secret in Bitbucket Cloud

  1. Log in to your Bitbucket instance and open the Bitbucket Settings page.

  2. Select OAuth in the left navigation, then, click the Add consumer button.

  3. In the Add OAuth consumer form, provide a name for your YouTrack service in Bitbucket and optional description.

  4. In the Callback URL field, paste the generated URL from the Redirect URI field in YouTrack.

  5. In the Permissions section, enable the Email and Read options in the Account section.

  6. Click the Save button.

  7. Expand the section for the new consumer to display the Key and Secret.

    Bitbucket auth registration

Enable the Auth Module in YouTrack

  1. Copy the Key from Bitbucket Cloud and paste it into the Client ID input field in YouTrack.

  2. Copy the Secret from Bitbucket Cloud and paste it into the Client secret input field in YouTrack.

  3. Configure the optional settings for the authentication module. For more information, see Additional Settings.

  4. Click the Enable module button.

    • The Bitbucket Cloud authentication module is enabled.

    • The icon stored in the Button image setting is added to the login dialog window. Users can click this icon to log in to YouTrack with their credentials in Bitbucket Cloud.

Settings

The first section of the settings page displays the general settings for the authentication module. Here, you also find the redirect URI that you use to register YouTrack in the authorization service and the input fields that store the Client ID and Client Secret that are generated in the authorization service.

SettingDescription
TypeDisplays the type of authorization service that is enabled for third-party authentication in YouTrack.
NameStores the name of the authentication module. Use this setting to distinguish this module from other authentication modules in the Auth Modules list.
Button imageDisplays the image used for the button that a user clicks to log in to YouTrack with a their account in the connected authorization service. You can upload a JPG, GIF or PNG file. The image is resized to 48 x 48 pixels automatically.
Redirect URIDisplays the authorized redirect URI that is used to register the connection to YouTrack in the authorization service.
Client IDStores the identifier that the authorization service uses to validate a login request. You generate this value in the authorization service when you configure the authorization settings for a web application and enter an authorized redirect URI.
Client SecretStores the secret or password used to validate the client ID. You generate this value in the authorization service together with the client ID.
Extension grant

Saves the value that is used to identify the authentication module when used for extension grants. If a value is provided, YouTrack will process requests to exchange access tokens that are issued by the authorization service for tokens that grant access to YouTrack.

To exchange access tokens successfully, the authentication module must be authorized in the third-party authentication service and enabled in YouTrack.

To learn how to exchange access tokens using the Hub REST API, see Extension Grants.

Authorization Service Endpoints

The settings in this section of the page store the OAuth 2.0 endpoints used by Bitbucket Cloud.

For pre-configured OAuth 2.0 modules, the values that are used by the selected authorization service are set automatically.

SettingDescription
AuthorizationStores the endpoint that YouTrack uses to obtain authorization from the resource owner via user-agent redirection.
TokenStores the endpoint that YouTrack uses to exchange an authorization grant for an access token.
User dataStores the endpoint used to locate profile data for the authenticated user.
EmailThe endpoint used to locate the email address of the authenticated user Use only when the email address is not stored in the user profile

Field Mapping

When a user profile response object is returned by Bitbucket Cloud, values from the specified field paths are copied to the the Hub accounts that are linked with each YouTrack profile. Use the following settings to define the endpoint that locates profile data for the authenticated user and map fields that are stored in the authorization service to Hub accounts for YouTrack users.

For the Bitbucket Cloud module, the values are set automatically.

Use a sequence of path segments separated by slashes (/) to specify a path to a field inside a nested object.

Additional settings let you define the request scope, and choose how to authenticate with the service.

FieldDescription
User IDMaps to the field that stores the value to copy to the User ID property in the Hub account.
EmailMaps to the field that stores the value to copy to the Email field in the Hub account.
Email verification stateMaps to the field that stores the value to copy to the verified email property in the Hub account.
Full nameMaps to the field that stores the value to copy to the Full name field in the Hub account.
AvatarMaps to the field that stores the image to use as the Avatar in the Hub account.
Image URL patternGenerates an image URL for avatars that are referenced by an ID. Use the <picture-id> placeholder to reference the field that stores the avatar.

Additional Settings

The following options are located at the bottom of the page. Use these settings to manage Hub account creation and group membership, and to reduce the loss of processing resources consumed by idle connections.

OptionDescription
ScopeSets the scope for the access request. Enter a list of scopes, separated by spaces.
AuthenticationDetermines how credentials are passed to the authorization service.
User creationEnables creation of Hub accounts for unregistered users who log in with an account that is stored in the connected authorization service. YouTrack uses the email address to determine whether the user has an existing account.
Email auto-verificationDetermines how Hub sets the verification status of an email address when the authentication service does not return a value for this attribute.
Auto-join groupsAdds users to a group when they log in with an account that is stored in the connected authorization service. You can select one or more groups. New users that auto-join a group inherit all of the permissions assigned to this group.
We recommend that you add users to at least one group. Otherwise, a new user is only granted the permissions that are currently assigned to the All Users group.
Connection timeoutSets the period of time to wait to establish a connection to the authorization service. The default setting is 5000 milliseconds (5 seconds).
Read timeoutSets the period of time to wait to read and retrieve user profile data from the authorization service. The default setting is 5000 milliseconds (5 seconds).
AuditLinks to the Audit Events page in YouTrack. There, you can view a list of changes that were applied to this authentication module.
Last modified: 26 April 2021