Due to some maintenance issues, this service has been switched in read-only mode, you can find more information about the why

and how to migrate your plugin documentation in this blogpost

Skip to end of metadata
Go to start of metadata

Plugin Information

View Bitbucket OAuth on the plugin site for more information.

Older versions of this plugin may not be safe to use. Please review the following warnings before using an older version:

This Jenkins plugin enables OAuth authentication for Bitbucket users.

Upgrading 0.7 to 0.8

bitbucket-oauth-plugin changed using OAuth version 1.0 to 2.0.

If you got invalid redirect_uri error in login, you hove to specify Callback URL in Bitbucket OAuth setting page.

bitbucket-oauth-plugin changed using Bitbucket API endpoint v1 to v2.

You have to change permissions: Account > Read and Team membership > Read


First you need to get consumer key/secret from Bitbucket.

  1. Log into your Bitbucket account.
  2. Click on your account avatar in the top right corner and select Bitbucket Settings.
  3. If your are a member of an organization, ensure you are on Team settings, not Account settings, from the drop down.
  4. Under ACCESS MANAGEMENT select OAuth.
  5. Under OAuth consumers, click Add consumer.
  6. The system requests the following information: Name is required. Others are optional.
    • Name is required.
    • Callback URL is required. input https://your.jenkins.root/securityRealm/finishLogin .
    • Others are optional.
  7. Under Permissions, select Account > Read and Team membership > Read(optional).
  8. Click Save. The system generates a key and a secret for you. Toggle the consumer name to see the generated Key and Secret value for your consumer.

Second, you need to configure your Jenkins.

  1. Open Jenkins Configure System page.
  2. Set correct URL to Jenkins URL.
  3. Click Save button.
  4. Open Jenkins Configure Global Security page.
  5. Check Enable security.
  6. Select Bitbucket OAuth Plugin in Security Realm.
  7. Input your Consumer Key to Client ID.
  8. Input your Consumer Secret to Client Secret.
  9. Click Save button.

Bitbucket Team access Support

Based on the teams that user has access to, this plugin automatically creates groups of the form


Supported roles are admin, contributor and member


  • team1::admin
  • team2::contributor
  • team3::member

These group names can be used in Jenkins Matrix-based security to give fine grained access control based on the users team access in Bitbucket.

Configure plugin via Groovy script

Either automatically upon Jenkins post-initialization or through Jenkins script console, example:

import hudson.security.AuthorizationStrategy
import hudson.security.SecurityRealm
import jenkins.model.Jenkins
import org.jenkinsci.plugins.BitbucketSecurityRealm

// parameters
def bitbucketSecurityRealmParameters = [
  clientID:     '012345678901234567',
  clientSecret: '012345678901234567012345678901'

// security realm configuration
SecurityRealm bitbucketSecurityRealm = new BitbucketSecurityRealm(

// authorization strategy - full control when logged in
AuthorizationStrategy authorizationStrategy = new hudson.security.FullControlOnceLoggedInAuthorizationStrategy()

// authorization strategy - set anonymous read to false

// get Jenkins instance
Jenkins jenkins = Jenkins.getInstance()

// add configurations to Jenkins

// save current Jenkins state to disk

Version History

Version 0.10 (14 Oct, 2019)

  • [SECURITY-1546] Fixed client secret is saved in plain text (Notice: I recommend that you re-save Jenkins security configuration.)

Version 0.9 (19 Jan, 2019)

  • Fixed infinite redirect loop on Jenkins 2.150.2 (related:  JENKINS-55668 )

Version 0.8 (3 Jan, 2019)

  • Changed Bitbucket OAuth 1.0 to OAuth 2.0 (Notice: You have to specify the Callback URL in Bitbucket OAuth setting page)
  • Changed Bitbucket API v1 to v2 (Notice: You have to add Account Read permission in Bitbucket OAuth setting page)
  • Changed secret key input field to password 

Version 0.7 (1 May, 2018)

  • Fixed Groovy example did not work

Version 0.6 (25 Feb, 2018)

  • Added Bitbucket API 2.0 support (Pluign requires Account Read Permission only)
  • Added spport for adding user authorities based on bitbucket team/role (related: Pull Request #11)

Version 0.5 (5 Jun, 2016)

Version 0.4 (14 May, 2014)

Version 0.3 (31 Jul, 2013)

  • Works on reverse proxy environments ( Use Jenkins URL configuration instead of request URL )

Version 0.1 (29 May, 2013)

  • Initial release


  1. Unknown User (jgdvishnu)

    I do not see Bitbucket OAuth Plugin in Security Realm in my Jenkins Console. I only see :-

    Delegate to servlet container    
    Google Apps SSO (with OpenID)    
     Jenkins's own user database    
     OpenID SSO    
     Unix user/group database

    what do I need to do about it?


  2. Unknown User (jgdvishnu)

    Please send me the link for the installer of "Bitbucket OAuth Plugin"

  3. Unknown User (mallowlabs)

    You can find it on Manage Jenkins > Manage Plugins > Available > Bitbucket OAuth Plugin.

    Check Bitbucket OAuth Plugin and click the install button.

  4. Unknown User (ricardo_ruiz_lopez)


    I installed the plugin and I see it in my security settings.

    My question is: I have a lot of projects that use SVN or other system, so my jenkins (which is internal) is not secured. Can I use this plugin per project instead of all my jenkins configuration?

    Thanks in advance.

  5. Unknown User (lalsamir)

    I have followed the steps to get consumer key/secret and configure jenkins security. What do I do afterwards to create a new build? I am new to jenkins and need to make it so every time a git push happens in bitbucket a build is started by jenkins. Clear defined steps on how to make a build would be most helpful.

    thanks in advance

  6. Unknown User (ivan_pinatti)

    I've just published a Groovy script to configure this plugin;



    Also just did a pull request to add it to the official README page;


  7. Unknown User (volker59)

    Hi All.

    How can I use Bitbucket OAuth and AD together?

    In the global security (Jenkis) activation for Bitbucket OAuth means automatically deactivation for AD. I want to test OAuth for Bitbucket/Jira but I must have AD.

    Is it impossible to use both?

    Thanks in advance


  8. Unknown User (sbikkasani)

    Hi All,

    I have tried the Bitbucket OAuth setup with Jenkins following the steps as mentioned above but the Jenkins URL goes into a redirect loop.

    I have mentioned the Callback URL as 'http://myjenkinsurl/securityRealm/finishLogin'.

    Can anyone please help me with this.

    Thanks in advance,