Hi jagan and welcome to the community!
Are you referring to the Callback URL field in an OAuth consumer?
This is the URL where users are redirected after OAuth authorization for the consumer.
For example, if you request authorization from the end user by sending their browser to:
https://bitbucket.org/site/oauth2/authorize?client_id={client_id}&response_type=code
then after the user grants access they will get redirected to the Callback URL.
The callback will include the ?code={} query parameter that you can swap for an access token.
Please also see the following info from our documentation:
Callback URL: Required for OAuth 2.0 consumers.
When making requests you can include a call back URL in the request:
If you do include the URL in a request it must be appended to the same URL configured in the consumer. So if your consumer callback URL is example.com/add-on the URL in your request must be something similar to example.com/add-on/function.
If you don't include the URL in the request we redirect to the callback URL in the consumer.
Documentation:
You can also find more info about OAuth consumers on this page.
Kind regards,
Theodora
@jagan this is an area that people struggle with a lot. The callback is part of the authorization leg of the OAuth. You need to have a contextual understanding of where in the process the callback fits, to fully know what it is. The OAuth process is:
The black magic is locked into the callback (redirect_uri) and if you open the lid, the following can be seen:
The state parameter is just a code you generate via some sha256 generator to use in your first call. The callback URI (when responding) includes that state sequence so that you (as the caller) can inspect to know it is the same responder to whom you enquired.
Pardon the long-windedness, but I hope it sheds enough light.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.