PKCE Support for Bitbucket #7327
Labels
area: extensions/backends/bitbucket
type: feature
code contributing to the implementation of a feature and/or user facing functionality
Is your feature request related to a problem? Please describe.
Bitbucket Cloud currently does not support PKCE (see this) so Decap is currently using Implicit grant instead.
Implicit auth has downsides, per your documentation:
There are other issues like users being locked out from login after tokens expire: #4183
Describe the solution you'd like
There's a feature request for Atlassian's engineering team to add PKCE: https://jira.atlassian.com/browse/BCLOUD-23469
It would be great if interested parties added their support there by:
Describe alternatives you've considered
Use GitLab, Gitea, Forgejo, or other Git hosts that already support the PKCE workflow.
Additional context
PKCE is generally considered more secure than Implicit Auth for public clients that can't safely store a secret. Per the Postman article Implicit Flow is Dead, Try PKCE Instead: