spenpal opened a new issue, #8520:
URL: https://github.com/apache/incubator-devlake/issues/8520
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
## What and why to refactor
Currently, the Bitbucket plugin in Apache DevLake relies on “App passwords”
for authentication to Bitbucket Cloud. Bitbucket has announced that on
**September 9, 2025**, creation of App passwords will be discontinued, and on
**June 9, 2026**, all existing App passwords will be deactivated. After these
dates, any DevLake connections using App passwords will break and fail to sync
Bitbucket data.
To ensure uninterrupted operation and long-term support for Bitbucket
integrations, we need to refactor the plugin to support the new **Bitbucket API
tokens** authentication mechanism.
## Describe the solution you’d like
1. **Support API token authentication**
- Add a new authentication mode in the Bitbucket connector configuration
to accept API tokens in lieu of App passwords.
- Update the DevLake client library to include the `Authorization: Bearer
<API_TOKEN>` header when connecting to Bitbucket Cloud.
2. **Migration path and validation**
- Detect at runtime which credential type is provided (App password vs.
API token) and validate accordingly.
- Provide clear error messages if an App password is used
post-deprecation or if an API token lacks required scopes.
3. **Documentation updates**
- Revise the “Connecting Bitbucket” docs to walk users through generating
API tokens, the required scopes (Account:Read, Workspace membership:Read,
Repositories:Read, Projects:Read, Pull requests:Read, Issues:Read,
Pipelines:Read, Runners:Read), and updating their DevLake blueprint.
4. **Backward compatibility and defaults**
- Preserve existing App password support until June 9, 2026 but display
deprecation warnings in logs and the UI.
- Default new installations to require API tokens only.
## Related issues
_None_
## Additional context
Bitbucket’s in-product warning when creating App passwords:
<img width="963" height="176" alt="Bitbucket App passwords deprecation
warning"
src="https://github.com/user-attachments/assets/8907dc9b-17b8-4e8a-aee3-d3c6adb98027";
/>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@devlake.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
