OAuth 2.0 provider system properties
When configuring Bitbucket as an OAuth 2.0 provider (incoming link), you can use these system properties.
| atlassian.oauth2.provider.enable.access.tokens | |
|---|---|
| Default | true |
| Description | Disables the ability to authenticate using access tokens for that node. |
| atlassian.oauth2.provider.skip.base.url.https.requirement | |
| Default | false |
| Description | Disables the HTTPS requirement for the base URL. If this is disabled, the OAuth 2.0 provider will be enabled even if the product is using HTTP. |
| atlassian.oauth2.provider.skip.redirect.url.https.requirement | |
| Default | false |
| Description | Disables the HTTPS requirement for the Redirect URL. If this is disabled, the OAuth 2.0 provider will allow Redirect URLs using HTTP. |
| atlassian.oauth2.provider.max.lock.timeout.seconds | |
| Default | 10 |
| Description | Number of seconds a request will await lock access before timing out. |
| atlassian.oauth2.provider.max.client.delay.seconds | |
| Default | 10 |
| Description | Max lifetime of authorization codes (seconds). The limit is 600 seconds. |
| atlassian.oauth2.provider.prune.expired.authorizations.schedule | |
| Default | * * * * * ? |
| Description | Cron expression for a job that removes expired authorization codes. Default is 1 minute. |
| atlassian.oauth2.provider.access.token.expiration.seconds | |
| Default | 3600 (1 hour) |
| Description | Max lifetime of access tokens (seconds). |
| atlassian.oauth2.provider.prune.expired.tokens.schedule | |
| Default | * * * * * ? |
| Description | Cron expression for a job that removes expired access tokens. Default is 1 minute. |
| atlassian.oauth2.provider.refresh.token.expiration.seconds | |
| Default | 7776000 (90 days) |
| Description | Max lifetime of refresh tokens (seconds). |
| atlassian.oauth2.provider.invalidate.session.enabled | |
| Default | true |
| Description | Invalidates a session after a successful authentication using an OAuth token. |
| atlassian.oauth2.provider.validate.client.secret | |
| Default | true |
| Description | Validates the client ID and client secret when revoking and creating tokens. |
| atlassian.oauth2.provider.use.quotes.in.sql | |
| Default | false |
| Description | Controls whether to add quotes to SQL statements. This is a sanity system property used for database requirements. PostgreSQL will always use quotes unless the |
| atlassian.oauth2.provider.do.not.use.quotes.in.sql | |
| Default | false |
| Description | Controls whether to add quotes to SQL statements. This is a sanity system property used for database requirements. |
| atlassian.oauth2.provider.token.via.basic.authentication | |
| Default | true |
| Description | Enables extracting tokens through the basic authentication password field for access token authentication. |
| atlassian.oauth2.provider.client.credentials.expiration.seconds | |
| Default | 7776000 |
| Description | Controls the lifetime (in seconds) of the client ID and secret. The lifetime of client IDs and secrets is restricted to a maximum of 730 days. However, this period can be reduced as needed, with a default setting of 90 days. This aims to encourage regular rotation of credentials. |
| atlassian.oauth2.provider.refresh.token.limit.per.client.user | |
| Default | 25 |
| Description | Controls the maximum number of refresh tokens allowed per client ID and user. By default, it's limited to 25. This limitation helps manage resource usage and ensures that token proliferation is kept in check. |
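
The following is an added example, not Atlassian code: a small audit that reads a JVM argument string and reports where the properties above have been moved away from their stricter documented defaults or past the limits stated in the table. It assumes the properties are passed as `-D` JVM flags and that any lifetime longer than the documented default deserves review; `parse_jvm_args`, `audit` and `SAMPLE` are hypothetical names.

```python
import shlex

PREFIX = "atlassian.oauth2.provider."
# Booleans whose documented default is the stricter setting.
STRICT_DEFAULTS = {
    "skip.base.url.https.requirement": "false",
    "skip.redirect.url.https.requirement": "false",
    "validate.client.secret": "true",
    "invalidate.session.enabled": "true",
}
# Lifetimes in seconds: (documented default, documented upper limit or None).
LIFETIMES = {
    "access.token.expiration.seconds": (3600, None),
    "refresh.token.expiration.seconds": (7776000, None),
    "client.credentials.expiration.seconds": (7776000, 730 * 86400),
    "max.client.delay.seconds": (10, 600),
}

def parse_jvm_args(arg_string):
    """Return {short_name: value} for each -Datlassian.oauth2.provider.* flag."""
    props = {}
    for token in shlex.split(arg_string):
        if token.startswith("-D" + PREFIX) and "=" in token:
            name, value = token[len("-D" + PREFIX):].split("=", 1)
            props[name] = value.strip()
    return props

def audit(arg_string):
    """Return sorted (property, finding) pairs for settings that need review."""
    findings = []
    for name, value in parse_jvm_args(arg_string).items():
        full, strict = PREFIX + name, STRICT_DEFAULTS.get(name)
        if strict is not None and value.lower() != strict:
            findings.append((full, f"is {value}; documented default is {strict}"))
        default, limit = LIFETIMES.get(name, (None, None))
        if default is not None and not value.isdecimal():
            findings.append((full, f"non-numeric value {value!r}"))
        elif limit is not None and int(value) > limit:
            findings.append((full, f"exceeds documented limit of {limit}s"))
        elif default is not None and int(value) > default:
            findings.append((full, f"longer than documented default of {default}s"))
    return sorted(findings)

# Constructed sample JVM arguments, not taken from a real deployment.
SAMPLE = ("-Xmx2g -Datlassian.oauth2.provider.skip.redirect.url.https.requirement=true "
          "-Datlassian.oauth2.provider.access.token.expiration.seconds=86400 "
          "-Datlassian.oauth2.provider.max.client.delay.seconds=900")

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against the arguments of each node, since system properties are set per JVM.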