mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-04-04 22:34:22 +02:00
Bitbucket Auth Provider docs (#447)
* Bitbucket Auth Provider docs * Typo fixed
This commit is contained in:
parent
4d7349f9c6
commit
4eef21cf3d
@ -23,6 +23,7 @@ Valid providers are :
|
||||
- [login.gov](#logingov-provider)
|
||||
- [Nextcloud](#nextcloud-provider)
|
||||
- [DigitalOcean](#digitalocean-auth-provider)
|
||||
- [Bitbucket](#bitbucket-auth-provider)
|
||||
|
||||
The provider can be selected using the `provider` configuration value.
|
||||
|
||||
@ -342,6 +343,27 @@ To use the provider, pass the following options:
|
||||
|
||||
Alternatively, set the equivalent options in the config file. The redirect URL defaults to `https://<requested host header>/oauth2/callback`. If you need to change it, you can use the `--redirect-url` command-line option.
|
||||
|
||||
### Bitbucket Auth Provider
|
||||
|
||||
1. [Add a new OAuth consumer](https://confluence.atlassian.com/bitbucket/oauth-on-bitbucket-cloud-238027431.html)
|
||||
* In "Callback URL" use `https://<oauth2-proxy>/oauth2/callback`, substituting `<oauth2-proxy>` with the actual hostname that oauth2_proxy is running on.
|
||||
* In Permissions section select:
|
||||
* Account -> Email
|
||||
* Team membership -> Read
|
||||
* Repositories -> Read
|
||||
2. Note the Client ID and Client Secret.
|
||||
|
||||
To use the provider, pass the following options:
|
||||
|
||||
```
|
||||
--provider=bitbucket
|
||||
--client-id=<Client ID>
|
||||
--client-secret=<Client Secret>
|
||||
```
|
||||
|
||||
The default configuration allows everyone with Bitbucket account to authenticate. To restrict the access to the team members use additional configuration option: `--bitbucket-team=<Team name>`. To restrict the access to only these users who has access to one selected repository use `--bitbucket-repository=<Repository name>`.
|
||||
|
||||
|
||||
## Email Authentication
|
||||
|
||||
To authorize by email domain use `--email-domain=yourcompany.com`. To authorize individual email addresses use `--authenticated-emails-file=/path/to/file` with one email per line. To authorize all email addresses use `--email-domain=*`.
|
||||
|
Loading…
x
Reference in New Issue
Block a user