A Concourse server can authenticate against BitBucket Cloud to leverage its permission model.
First, you'll need to create an OAuth consumer on Bitbucket Cloud.
The consumer will need the following permissions:
The "Callback URL" must be the URL of your Concourse server with
/sky/issuer/callback appended. This address must be reachable by BitBucket Cloud - it can't be
For example, Concourse's own CI server's callback URL would be:
You will be given a Client ID and a Client Secret for your new application. The client ID and secret must then be configured on the
web node by setting the following env: