BitBucket OAuth integration

[Enrico Pelizzon]

Hi all,
On Saturday, during the last Hack the Tower event, me and Edward started
working on allowing the users to login in betterev using their BitBucket
account.
We spent quite a lot of time on it (I guess mainly because of the lack of
experience with OAuth, or because of OAuth itself).
In either case, we couldn't complete the task.

I was having a look at it today and I'm having troubles with it, so I was
wondering if someone from the community could give me a hint.

Basically, what I'm having problems with is regarding how to store the
information regarding the authentication process. Since we're dealing with
a Angular single page web application that queries RESTful endpoints,
storing the information in a session on the server is not an option.
Looking around it seems like the available options are pretty much two: use
cookies as means of storage, or use the sessionStorage/localStorage from
HTML5. Any idea about which is the preferred way to deal with this?

At the moment I tried having an endpoint that retrieves a request token
from bitbucket, sends back to the UI the generated authorization url along
with the token secret (needed to later request an access token, how do we
store this? cookie?). The UI then redirects the user to the retrieved
authentication url, the user grants the permission and gets redirected back
to the callback endpoint that retrieves the access token using the token,
the verifier, and the secret (same one we retrieved previously). This
endpoint should then redirect the user back to the homepage and provide the
UI the access token in some way.

That's pretty much where I'm stuck. :-)

Any suggestion would be really appreciated!

Thanks!
Enrico