Authentication failure via BitBucket

Incident Report for Fluid Attacks

Postmortem

Impact

At least one user experienced problems accessing the platform. The issue started on UTC-5 25-07-23 15:14 and was reactively discovered 1.2 hours (TTD) later by a client who reported through our help desk [1] that an Invalid redirect_uri error was displayed when trying to log in, preventing access. No other modules were affected, and users who do not log in through Bitbucket were not affected either. The problem was resolved in 2.1 hours (TTF), resulting in a total window of exposure of 3.3 hours (WOE) [2].

Cause

The problem was caused by a change in the redirect URL used for login. Specifically, an alias was added to the Bitbucket callback configuration in the production environment, which affected users logging in through Bitbucket.

Solution

The tokens for Bitbucket authentication were rotated again, both in the development and production environments, to restore proper access [3].

Conclusion

The platform is now working as expected for users logging in via Bitbucket. This incident highlights the importance of validating configuration changes before deploying to production, especially those related to authentication. ROTATION_FAILURE < INCOMPLETE_PERSPECTIVE

Posted Jul 24, 2025 - 18:32 GMT-05:00
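
A redirect URL mismatch like the one described under Cause can be caught by a pre-deployment check. The following is an added example, not Fluid Attacks' code: it assumes the provider compares redirect_uri by exact string match, and the endpoint, client id and callback URLs are constructed placeholders.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample values (assumptions, not taken from the incident).
AUTHORIZE_ENDPOINT = "https://idp.example/oauth2/authorize"
REGISTERED_CALLBACKS = {"https://app.example.com/auth/callback"}


def build_authorize_url(redirect_uri=None):
    """Build the login URL the way the application under test would."""
    params = {"client_id": "constructed-client-id", "response_type": "code"}
    if redirect_uri is not None:
        params["redirect_uri"] = redirect_uri
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def check_redirect_uri(authorize_url, registered_callbacks):
    """Return a list of problems; an empty list means the URL is consistent."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    if len(values) != 1:
        return [f"expected exactly one redirect_uri, found {len(values)}"]
    sent = values[0]
    # Assumption: the provider compares redirect_uri by exact string match.
    if sent in registered_callbacks:
        return []
    problems = [f"redirect_uri {sent!r} is not registered with the provider"]
    sent_parts = urlsplit(sent)
    for callback in sorted(registered_callbacks):
        reg = urlsplit(callback)
        diffs = [name for name in ("scheme", "netloc", "path", "query")
                 if getattr(reg, name) != getattr(sent_parts, name)]
        if len(diffs) == 1:
            # Near miss: one component changed, e.g. a host alias.
            problems.append(f"differs from {callback!r} only in {diffs[0]}")
    return problems


if __name__ == "__main__":
    for uri in ("https://app.example.com/auth/callback",
                "https://alias.example.com/auth/callback"):
        result = check_redirect_uri(build_authorize_url(uri), REGISTERED_CALLBACKS)
        print(uri, "->", result or "OK")
```

Run against the login URL each environment generates, a non-empty result fails the deployment before users see the provider's error.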

Resolved

The incident has been resolved, and access via BitBucket authentication is now working properly.
Posted Jul 23, 2025 - 21:15 GMT-05:00

Update

We are continuing to work on a fix for this issue.
Posted Jul 23, 2025 - 18:45 GMT-05:00

Identified

Users trying to access the platform through BitBucket are unable to log in due to a redirect URI issue.
Posted Jul 23, 2025 - 18:02 GMT-05:00
This incident affected: Platform.