Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Bitbucket - Create OAuth Client Credentials


I'm building a platform with which the infrastructure is going to be deployed through Terraform, whilst the CI/CD pipelines for the various services are held within Bitbucket. It would be ideal if one could automatically populate the Bitbucket repository/deployment variables once we have the outputs from Terraform. This will save time, and prevent mistakes. This tutorial will show you how you can create a set of client credentials for Bitbucket, which will allow us to use their API, to do just that.


Inside Bitbucket, click on your profile icon in the top-right corner before then clicking on All workspaces.

Select the workspace you wish for your application to work within.

Now select Settings in the left panel.

Click on OAuth consumers, before then clicking the button to Add consumer.

Provide a name (1) to represent your client application, as well as a description explaining what the application does (2). Specify the Callback URL (3). This is the URL that the user will be redirected back to when the user successfully authenticates. Hence it is very important that you provide the endpoint to where you will take the code from the SSO, for turning it into an access token. In this case, I am developing a local tool that will run on my computer, so I am using http://localhost. Optionally provide items 4,5,6 which apply if you are building a full-blown web application for others to consume.

Now, check the This is a private consumer if this is a personal tool, and you want to be able to use the client_credentials grant type, that would allow your tool to act on its own, rather than as if they were a user.

Finally select the permissions that you need. In my case, the tool is just being used for automatically configuring the pipeline variables from Terraform output, so I have only selected these. It is best if you are as restrictive as possible. You can always create a fresh set of credentials if you find that you need more permissions later.

Your credentials will now show in a list, with the name that you provided in the form earlier. Click on the chevron (1) by the name to reveal the Key and Secret (2) for your application.

That's it! You have now created your client access credentials.


Last updated: 12th September 2022
First published: 12th September 2022