I have worked out to set a new team in concourse ci and can login as Bitbucket users.
fly set-team -n main \
--basic-auth-username myuser \
--basic-auth-password xxxx \
--generic-oauth-display-name bitbucket \
--generic-oauth-client-id xxxx \
--generic-oauth-client-secret xxxx \
--generic-oauth-auth-url https://bitbucket.org/site/oauth2/authorize \
--generic-oauth-token-url https://bitbucket.org/site/oauth2/access_token
The key to set it successfully is, callback url for OAuth consumer in bitbucket need be concourse ci web site only (no /auth/oauth/callback
in callback url)
Now I found a problem. Any users (even new registered free user in bitbucket cloud) can login my concourse ci server.
After did some research, I got this
Generic oAuth
The --generic-oauth-* flags configure a generic oAuth provider which performs no additional verification about the individual user signing in by default. It should only be used with internal auth systems in this way. If it were used to configure Google or Twitter oAuth, for example, it would permit just about every person on the internet to create pipelines. It'd be mighty generous. If you need verification, make sure you are using the --generic-oauth-scope flag.
So are there any ways to stop the unauthorised bitbucket cloud users to login, which should be only limit to my organisation? Same as github's option --github-auth-organization=ORG
I try to add --generic-oauth-scope concourse.main
But always get the error:
failed to verify token
I also read OAuth on Bitbucket Cloud - Scopes and try with most scopes, such as
--generic-oauth-scope account
Still get same error.
What should I put in the scope?
You can also connect to a Bitbucket Cloud workspace by selecting Add shortcut from your project navigation and then selecting Repository. Once the repository link is created, choose Integrate Bitbucket to sync your Jira and Bitbucket accounts.
To set up a new pipeline, target your Concourse server with the fly command using the set-pipeline action. We need to pass the name of the new pipeline with -p option and pass the pipeline configuration file with the -c option: fly -t main set-pipeline -p hello_hapi -c ci/pipeline.
We support the top-used languages such as NodeJS, PHP, Java, Python, and . NET Core; however, based on the language configured in your Bitbucket repository, the template list automatically recommends templates in that language.
For Concourse CI >= v.3.7 and <= v.4.0 you can use the the dedicated Bitbucket Cloud authentication provider. I've written a blog post about this but the gist is to use
fly -t ci set-team -n dev --bitbucket-cloud-auth-client-id=xxx --bitbucket-cloud-auth-client-secret=xxx --bitbucket-cloud-auth-repository=myorg/myrepo`
Sadly, Concourse 4.0's new user model no longer supports bitbucket cloud.
There is no longer support for BitBucket auth. Sorry - Dex doesn't support it. :( However we do support generic LDAP, oAuth, and OIDC connectors, which you may be able to use instead.
Concourse master branch got BitBucket Cloud OAuth back, see
As of today (2018-11-15), there is no release yet supporting BitBucket Cloud OAuth, but the next release, which is due soon, will :-)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With