- Bug
- Resolution: Unresolved
- Minor
When using Bitbucket OAuth just for authentication (we use deployment keys for Jenkins repo access), it requires read/write access to all of my repositories.
This makes me really uncomfortable, as we have offshore developers who have access to the Jenkins server CLI and could harvest my OAuth token to get access to all of my personal repositories and other company repositories that they should not have access to.
Right now I log in, then go back into Bitbucket and remove the authorization.
Perhaps changing the default scope to "account"[1] (similar to JENKINS-23324 for GitHub)?
1. https://developer.atlassian.com/static/bitbucket/concepts/bitbucket-rest-scopes.html
- is related to: JENKINS-45450 Exceptions when using BitBucket OAuth without repo read permission (Open)