Does your application make a direct OAuth2 connection to Bitbucket / Github, or are you using Auth0 in between (Auth0 Social Connection > Github & Bitbucket)?
Since you mention
User accepts/authorizes Auth0 in their Bitbucket Account
I believe it must be via Auth0 as the broker. Maybe you can post the code snippet that makes this particular initial authorization/signup request (“Our application essentially allows sign up through Bitbucket and Github.”) - maybe it gets clearer then.
And when you mention that you want to get a new access token, do you mean a new Auth0 access token, or a new Bitbucket access token?
-
If you want to get a new Auth0 access token, you use the Auth0 token endpoint
https://{}.auth0.com/oauth/tokenand the client id / client secret of your Auth0 application (incl. the Auth0 refresh token) that’s registered under Dasboard > Applications -
If you want to get a new Bitbucket access token, you use the Bitbucket token endpoint
https://bitbucket.org/site/oauth2/access_tokenand use the key/secret of the Bitbucket social connection (with the Bitbucket refresh token that’s in the user’s profile identity for Bitbucket). (You must have gotten some sort of Bitbucket key/secret somewhere in order to make a OAuth2 request to Bitbucket in the first place; relying on the Auth0 dev keys, which aren’t actually visible, wouldn’t work here).