MunifTanjim / node-bitbucket

Bitbucket API client for Browser and Node.js
https://bitbucketjs.netlify.app
MIT License

Feature/authentication strategies #78

Open precious-void opened 3 years ago

precious-void commented 3 years ago

Issue

The current bitbucket lib does not support authorization strategies for OAuth.

What I have done

I have implemented the main OAuth2 authorization methods to retrieve an access_token. It's a draft pull request for bitbucket authStrategies. I would be happy if someone could check or test it.

https://developer.atlassian.com/bitbucket/api/2/reference/meta/authentication

Related issue #18

MunifTanjim commented 3 years ago

Hey @shtelzerartem , thanks for opening this draft.

I see there are many unrelated changes. It would make reviewing this so much harder. For example:

Can you please remove those?

precious-void commented 3 years ago

@MunifTanjim yes, for sure! I still feel a bit frustrated about the structure of the auth plugin and its flow. That is why I have made a draft PR: just to describe the general idea of the organization of authentication strategies. Also, there are some other things that are missing right now, for example an after hook to refresh the access_token if it has expired.

I will probably clean up the code soon, so you will be able to review it.

precious-void commented 3 years ago

@MunifTanjim hey, I have tried to clean it up as much as possible. There are structural changes: I merged the auth and authentication plugins into one monolithic plugin for the first solution. I need your help with splitting them, as was done in GitHub's octokit.

Raspikabek commented 3 years ago

It might be the case I'm implementing it wrong, but I'm getting an error when trying to test this.

What I've done so far:

import { Bitbucket } from './lib/index.js'

const doSomething = async () => {
  // Client credentials grant: the OAuth consumer's own id/secret are exchanged
  // for an access token, no user redirect involved. Placeholders stand in for
  // the values from the consumer registered in Bitbucket workspace settings.
  const options = {
    authStrategy: 'OAuth',
    auth: {
      grant_type: 'clientCredentialsGrant',
      client_id: 'OAUTH_CONSUMER_CLIENTID',
      client_secret: 'OAUTH_CONSUMER_SECRET'
    }
  }
  try {
    const bitbucket = new Bitbucket(options)
    // Trigger the token exchange explicitly and log what comes back ...
    console.log(await bitbucket.auth())
    // ... then make an authenticated call to confirm the token is usable.
    const result = await bitbucket.user.get({})
    console.log(result)
  } catch (err) {
    console.error(err)
  }
}

doSomething()

This returns the following error:

TypeError: Cannot read property 'defaults' of undefined
    at N (~/node-bitbucket/lib/index.js:1:12882)
    at J (~/node-bitbucket/lib/index.js:1:13336)
    at ~/node-bitbucket/lib/index.js:1:13675
    at ~/node-bitbucket/lib/index.js:1:13605
    at ~/node-bitbucket/lib/index.js:1:13641
    at ~/node-bitbucket/lib/index.js:1:13511
    at ~/node-bitbucket/lib/index.js:1:14210
    at ~/node-bitbucket/lib/index.js:1:14078
    at ~/node-bitbucket/lib/index.js:1:14112
    at ~/node-bitbucket/lib/index.js:1:13984

If I change the auth method to use an AppPassword, it does return my account information accordingly.

I wonder if there's something wrong in the test script or I'm missing something right now. I guess the expected result is to start the authentication process. I wonder if there's any specific callback URL we should use, like https://localhost:1234/oauth2 or whatever, in the setup of the Bitbucket OAuth consumer application.

Thanks and great job! I'm really keen to see this working and to report any issues. (I don't have the skill-set right now to contribute on the development side.)

precious-void commented 3 years ago

@Raspikabek hey, thanks for testing! Yep, there was a bug, which I have fixed in the latest commit. About the implementation: everything is right.

About callbacks. Are you talking about the Authorization Code Grant and Implicit Grant authentication methods, where the user has to be redirected to Bitbucket and then returned with token params in the query? If yes, unfortunately, I haven't been working on this part.

Raspikabek commented 3 years ago

Nice! It now seems to be working! Thanks for the quick response.

Related to the Implicit Grant & Authorization Code Grant, I guess that might require implementing and importing an express application of some sort to include it in the package.

BTW, for the Authorization Code Grant, even though I've added a code, it does return an error:

  error: {
    error_description: 'Missing required field: code',
    error: 'invalid_request'
  },

Anyway... I guess the best approach to implementing a secure login process using this library would be to use JWT Auth and implement the authorization process to get the JWT token from my own application (the one that requires this library), using something like this example provided by Atlassian.

Again thanks a million for the hard work!

precious-void commented 3 years ago

@Raspikabek thank you for another bug! I will fix it soon.

About the Implicit Grant and Authorization Code Grant (all the https://bitbucket.org/site/oauth2/authorize requests). This library must not provide a way to resolve them, but just allow you to authenticate requests using the responses from them.

Implicit grant: after the redirect to your service you will be able to pull the access_token out of the URL (#access_token={token}&token_type=bearer) and pass it as an option to the Bitbucket object.

new Bitbucket({
  auth: {
    type: 'token',
    token: '<YOUR BEARER TOKEN>',
  },
})

Authorization Code Grant: from https://bitbucket.org/site/oauth2/authorize?client_id={client_id}&response_type=code you will be redirected to a URL with ?code={code}, which you will be able to use further.

new Bitbucket({
  authStrategy: 'OAuth',
  auth: {
    grant_type: 'authorizationCodeGrant',
    client_id: '<CLIENT ID>',
    client_secret: '<CLIENT SECRET>',
    code: '<CLIENT CODE>',
  },
})

With JWT Auth, I think, the same trick.

precious-void commented 3 years ago

@MunifTanjim have you had a chance to go over it? It looks like everything we went over with @Raspikabek works fine.

precious-void commented 2 years ago

@MunifTanjim any update on this?