Hello SonarSource Community,
We are currently experiencing issues with Bitbucket Cloud authentication in SonarQube (version 9.9.2 LTS).
Context:
-
SonarQube is deployed behind Nginx with HTTPS enabled.
-
OAuth configuration with Bitbucket is correctly set (client ID/secret, redirect URI).
-
Server base URL is configured as:
https://sonar.afphabitat.net
Issue:
During login attempts, we observe the following in the logs:
-
invalid_granterror during OAuth token exchange -
Warnings related to:
CHANGE-2770 - Functionality has been deprecated
Specifically:
-
SonarQube fails when trying to retrieve Bitbucket teams/workspaces.
-
This appears to be related to recent Bitbucket Cloud API deprecations.
Workaround applied:
-
We removed the “Workspaces” restriction in SonarQube authentication settings.
-
We disabled automatic user sign-up to maintain access control.
With this workaround:
-
Authentication now works
-
But we lost the ability to restrict access based on Bitbucket workspace membership
Questions:
-
Is SonarQube 9.9.2 officially compatible with the latest Bitbucket Cloud API changes (CHANGE-2770)?
-
Is there a recommended configuration to enforce workspace-based access control with current Bitbucket APIs?
-
Is this limitation only resolved in newer SonarQube versions or via plugin updates?
We are planning an upgrade, but would like to confirm the best approach and avoid regressions.
Thanks in advance for your guidance.
Best regards,