Configure an outgoing link
When you configure an outgoing link to an external application, Bitbucket requests data from this application, which means that it acts as the OAuth client.
We’ve added support for this scenario for future use. Currently, none of the functionalities in Bitbucket use the OAuth 2.0 client role. If you’d like to use Bitbucket as the OAuth 2.0 provider, see Configuring an incoming link.
Before you begin
You need to ensure the following:
Your server needs to run over HTTPS. If it doesn’t, you will not be able to configure OAuth 2.0.
Your base URL needs to be configured correctly. This is important as the redirect URL you’ll need to provide is based on the Bitbucket’s base URL.
Create an outgoing link using application links
To create an outgoing link:
Go to Administration > Applications > Application links.
Select Create link.
Select External application, and then choose Outgoing as the direction.
Fill in the details as described in the sections below.
Configure your outgoing link
Follow these steps to configure your link.
1. Choose a service provider
Choose one of the following providers that you want to configure. For Google and Microsoft, some of the fields will be pre-filled.
Google
Microsoft
Custom (for internal tools or other providers)
2. Copy the Redirect URL and register it in your external application
Copy the Redirect URL and register it in your external application to obtain the client ID and client secret required to complete the configuration.
If you’re using Google or Microsoft as service providers, you’ll be able to copy the Redirect URL right away. For custom providers, you need to first provide the Authorization endpoint and Token endpoint. For more info on registering the URL with Google or Microsoft, see:
Different providers might have different requirements related to the redirect URL. For example, Google does not allow it to be a private IP address. Make sure you provide an external URL (for example of a load balancer for Data Center).
3. Provide remaining application details
Provide the remaining details. Here you can find descriptions for all the fields:
| Name | Description |
|---|---|
| Client ID | The client ID generated by the external application after registering Bitbucket’s Redirect URL. This is the public identifier of the application. |
| Client secret | The client secret generated by the external application after registering Bitbucket’s Redirect URL. This is the shared secret between Jira and the application, which ensures the authorization is secure. |
| Scopes | The required OAuth 2.0 scopes (permissions) that control what Bitbucket can do in the external application. |
| Authorization endpoint | The HTTPS URL where authorization to use OAuth 2.0 is started. |
| Token endpoint | The HTTPS URL where refresh token requests are sent. As OAuth 2.0 tokens have an expiry, Bitbucket will periodically update the token. |
| Redirect URL | The Redirect URL that must be registered in the external application to obtain its client ID and client secret. This redirects the authentication flow back to Bitbucket. |
3. Save your outgoing link
After you save the link, it will appear on the list together with other application links.