[JENKINS-75441] Authorized OAuth tokens can't be revoked individually - Jenkins Jira

Type: Bug
Resolution: Fixed
Priority: Minor
Component/s: atlassian-bitbucket-server-integration-plugin, core
Labels:
- regression
- ux
Environment:
Jenkins 2.492.2
Bitbucket Server v7.21.6
Bitbucket Server Integration 4.1.4

Similar Issues:
Powered by SuggestiMate

Show

In Jenkins, if you go to Dashboard > USERNAME > View oauth access tokens, you will see the following:

However, the revoke button does not work. Clicking the revoke button will only effectively refresh the page without revoking the token.

This is because the file, "src/main/java/com/atlassian/bitbucket/jenkins/internal/jenkins/oauth/token/OAuthTokenConfiguration.java" will only remove the token if the post form data includes the key value pair of <oauth token>="Revoke". However, the key value pair actually present in the form data is <oauth token>="".

This means that line 43 in the screenshot below will not find this expected key value pair and the token will not get revoked. Instead, if we modify line 43 to check for an empty string instead of "Revoke", the token will get revoked:

.filter(e -> e.getValue().length == 1 && e.getValue()[0].equals(""))

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

image-2025-03-17-13-22-11-583.png
51 kB
2025-03-17 16:22
image-2025-03-19-09-01-47-701.png
19 kB
2025-03-19 12:01
Screenshot 2025-03-06 162502.png
12 kB
2025-03-17 16:17

links to

Pull Request #10430: [JENKINS-75441] Add value attribute to button element in submit.jelly

Assignee:: Austin

Reporter:: Austin

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025-03-17 16:39

Updated:: 2 days ago 12:19

Resolved:: 2025-04-03 14:03

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates