Logging in Bitbucket
Audit Logging
Bitbucket already provides a built-in audit log that can track authentication-related events.
To enable audit logging for authentication events, you need to set the Coverage level for the Security category to Full.
Audit-logging authentication events can lead to a rapidly growing audit log database table and might cause performance issues.
Please be careful and monitor your instance for any negative impact.
Logfile
You can still see a record in the regular log file.
Messages are logged at INFO level from de.resolution.apitokenauth.platform.auth.ApiTokenAuthSharedBase.
Please refer to this article to see how to change the log level in a persistent way.
You'll then see the below authentication-related entries in the log file. These entries contain:
- a description of the event
- the token description (if applicable for the event)
- the token scope (if applicable for the event)
- the username
- the path of the REST endpoint for the call
Successful Authentication
|
Failed Authentication Attempts
Only when basic authentication with a regular password is disabled in the app settings can the app tell with certainty that a provided token was wrong. In that case, the log file contains the message below:
|
Another reason for a failed authentication attempt might be an IP restriction:
|
If basic authentication with a regular password or with personal access tokens is enabled, the supplied credential might still be a valid password (or personal access token) that the Bitbucket authenticator accepts. Hence, the log message reads like this:
|
Permission Denied Events
If a token with a "Read Only" scope is used during a write operation, a 403 error is returned as the REST response and a log file entry like the one below is written.
|
Rate Limited Requests
If rate-limiting is enabled, logging the package de.resolution.apitokenauth.platform.auth.ApiTokenRateLimiter at INFO level produces the record below in the log file. This was added in version 1.9.4.
|