@@ -277,14 +277,34 @@ const createBitbucketServerProvider = (clientId: string, clientSecret: string, b
277277 // url is required by Auth.js endpoint validation; the request function overrides the actual fetch
278278 url : `${ baseUrl } /plugins/servlet/applinks/whoami` ,
279279 async request ( { tokens } : { tokens : TokenSet } ) {
280+ const accessToken = tokens . access_token ;
281+ if ( ! accessToken ) {
282+ throw new Error ( "Missing access token for Bitbucket Server userinfo request" ) ;
283+ }
284+
280285 const whoamiRes = await fetch ( `${ baseUrl } /plugins/servlet/applinks/whoami` , {
281- headers : { Authorization : `Bearer ${ tokens . access_token } ` } ,
286+ headers : { Authorization : `Bearer ${ accessToken } ` } ,
287+ signal : AbortSignal . timeout ( 10_000 ) ,
282288 } ) ;
289+ if ( ! whoamiRes . ok ) {
290+ throw new Error ( `Bitbucket whoami failed (${ whoamiRes . status } )` ) ;
291+ }
292+
283293 const username = ( await whoamiRes . text ( ) ) . trim ( ) ;
284- const profileRes = await fetch ( `${ baseUrl } /rest/api/1.0/users/${ username } ` , {
285- headers : { Authorization : `Bearer ${ tokens . access_token } ` } ,
294+ if ( ! username ) {
295+ throw new Error ( "Bitbucket whoami returned an empty username" ) ;
296+ }
297+
298+ const profileRes = await fetch ( `${ baseUrl } /rest/api/1.0/users/${ encodeURIComponent ( username ) } ` , {
299+ headers : { Authorization : `Bearer ${ accessToken } ` } ,
300+ signal : AbortSignal . timeout ( 10_000 ) ,
286301 } ) ;
287- return profileRes . json ( ) ;
302+ if ( ! profileRes . ok ) {
303+ throw new Error ( `Bitbucket profile lookup failed (${ profileRes . status } )` ) ;
304+ }
305+
306+ return await profileRes . json ( ) ;
307+ }
288308 } ,
289309 } ,
290310 profile ( profile ) {
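Review bot: The `}` added at new line 307 looks like one closing brace too many: on the old side `request` was closed by the `},` at line 288, while the new side has `}` at 307 followed by the same two `},` lines, so the object literal would close before `profile(profile) {` unless a brace is removed elsewhere in the file. Dropping the added line should restore the balance. Separately, `encodeURIComponent` leaves `.` and `..` untouched and URL parsing collapses dot segments, so the empty-username guard could also reject them, e.g. `if (!username || username === "." || username === "..")`, to keep the lookup under `/users/`. `createBitbucketServerProvider` starts above the hunk and `profile` continues below it, so this is judged from the visible lines only.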