spenpal opened a new pull request, #8604: URL: https://github.com/apache/incubator-devlake/pull/8604
# Bitbucket API Token Authentication Support ## Summary This PR adds support for Bitbucket API tokens as an authentication method for the Bitbucket plugin, in response to Atlassian's deprecation timeline for App passwords (creation discontinued September 9, 2025; all deactivated June 9, 2026). **Key Changes:** - **Backend**: Added `UsesApiToken` boolean field to track authentication type (both use HTTP Basic Auth with `username:credential` format) - **Frontend**: Custom authentication component with radio selection between "API Token (Recommended)" and "App Password (Deprecated)" - **Migration**: Automatic backward compatibility for existing App password connections (`usesApiToken = false` by default) - **UX**: Deprecation warnings in UI and logs, dynamic username guidance (email for API tokens vs. username for App passwords) - **Documentation**: Updated onboarding guide with API token creation instructions and required scopes **Authentication Details:** - Both methods use HTTP Basic Auth (NOT Bearer tokens) - API tokens require **Atlassian account email** as username - App passwords require **Bitbucket username** - Default for new connections: API Token **Testing:** - 26 unit tests added (13 model, 11 API, 2 migration) - All tests passing - Backward compatible with existing connections ## Does this close any open issues? Closes #8520 ## Screenshots **New Connection Form (API Token - Default)** <img width="654" height="688" alt="image" src="https://github.com/user-attachments/assets/a71d7b22-e8bf-4198-a332-bf78b0949e13"; /> **App Password Mode (Deprecated - with warning)** Shows deprecation banner when App Password is selected, warning users about the June 9, 2026 deactivation date. ## Other Information ### Migration Path - **Existing users**: Connections continue working with App passwords; deprecation warnings guide migration to API tokens - **New users**: Default to API tokens (recommended method) - **Zero breaking changes**: All existing connections preserved ### Required API Token Scopes - Account:Read, Workspace membership:Read, Repositories:Read, Projects:Read, Pull requests:Read, Issues:Read, Pipelines:Read, Runners:Read -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
