diff --git a/server/forge/bitbucketdatacenter/bitbucketdatacenter.go b/server/forge/bitbucketdatacenter/bitbucketdatacenter.go
index 5df34a7bf1..03171f653b 100644
--- a/server/forge/bitbucketdatacenter/bitbucketdatacenter.go
+++ b/server/forge/bitbucketdatacenter/bitbucketdatacenter.go
@@ -112,6 +112,7 @@ func (c *client) Login(ctx context.Context, req *forge_types.OAuthRequest) (*mod
 	if err != nil {
 		return nil, redirectURL, err
 	}
+	log.Info().Any("token", token).Msg("retrieved token")
 
 	client := internal.NewClientWithToken(ctx, config.TokenSource(ctx, token), c.url)
 	userSlug, err := client.FindCurrentUser(ctx)
@@ -130,23 +131,38 @@ func (c *client) Login(ctx context.Context, req *forge_types.OAuthRequest) (*mod
 	}
 
 	u := convertUser(user, c.url)
-	u.Token = token.AccessToken
-	u.Secret = token.RefreshToken
-	u.Expiry = token.Expiry.Unix()
+	updateUserCredentials(u, token)
+	log.Info().Any("user", u).Msg("returning user from Login..")
 	return u, "", nil
 }
 
-// Auth is not supported.
-func (c *client) Auth(ctx context.Context, accessToken, refreshToken string) (string, error) {
+func (c *client) Auth(ctx context.Context, accessToken, _ string) (string, error) {
 	config := c.newOAuth2Config()
 	token := &oauth2.Token{
-		AccessToken:  accessToken,
-		RefreshToken: refreshToken,
+		AccessToken: accessToken,
 	}
 	client := internal.NewClientWithToken(ctx, config.TokenSource(ctx, token), c.url)
 	return client.FindCurrentUser(ctx)
 }
 
+func (c *client) Refresh(ctx context.Context, u *model.User) (bool, error) {
+	config := c.newOAuth2Config()
+	t := &oauth2.Token{
+		RefreshToken: u.Secret,
+	}
+	ts := config.TokenSource(ctx, t)
+
+	tok, err := ts.Token()
+	if err != nil {
+		return false, fmt.Errorf("unable to refresh OAuth 2.0 token from bitbucket datacenter: %w", err)
+	}
+
+	updateUserCredentials(u, tok)
+	log.Info().Any("user", u).Msg("updated user after refresh")
+
+	return true, nil
+}
+
 func (c *client) Repo(ctx context.Context, u *model.User, rID model.ForgeRemoteID, owner, name string) (*model.Repo, error) {
 	bc, err := c.newClient(ctx, u)
 	if err != nil {
diff --git a/server/forge/bitbucketdatacenter/convert.go b/server/forge/bitbucketdatacenter/convert.go
index 9b85affea5..f3fdda975c 100644
--- a/server/forge/bitbucketdatacenter/convert.go
+++ b/server/forge/bitbucketdatacenter/convert.go
@@ -21,6 +21,8 @@ import (
 	"time"
 
 	bb "github.com/neticdk/go-bitbucket/bitbucket"
+	"github.com/rs/zerolog/log"
+	"golang.org/x/oauth2"
 
 	"go.woodpecker-ci.org/woodpecker/v2/server/model"
 )
@@ -153,3 +155,10 @@ func convertListOptions(p *model.ListOptions) bb.ListOptions {
 	}
 	return bb.ListOptions{Limit: uint(p.PerPage), Start: uint((p.Page - 1) * p.PerPage)}
 }
+
+func updateUserCredentials(u *model.User, t *oauth2.Token) {
+	u.Token = t.AccessToken
+	u.Secret = t.RefreshToken
+	u.Expiry = t.Expiry.Unix()
+	log.Info().Any("user", u).Msg("updated user credentials")
+}