How to manipulate Bitbucket repository with token?

Solution 1

This BitBucket page mentions:

We recently introduced OAuth 2 and also added the ability to use them as HTTP Basic Auth credentials.

Cloning a repository with an access token

Since add-ons will not be able to upload their own SSH keys to clone with, access tokens can be used as Basic HTTP Auth credentials to clone securely over HTTPS.

git clone https://x-token-auth:{access_token}@bitbucket.org/user/repo.git

The literal string x-token-auth as a substitute for username is required.

Our process is similar to GitHub, yet slightly different: the difference is GitHub puts the actual token in the username field.

See more at "OAuth on Bitbucket Cloud", as suggested in the comments by nick graziano.

Solution 2

I used an App password which I created from the Bitbucket Cpanel under Settings -> Access management (sidebar) -> App Passwords. After I did this I cloned the repo by using my username and the new app password as follows:

https://[your_user_name]:[app_password]@bitbucket.org/[your_user_name]/[repo_name].git

Solution 3

First of all: only OAuth 2 tokens can be used to clone repos

While unclear from this page, I've seen people try to use OAuth 1 access tokens. Unfortunately Git and Mercurial do not support OAuth 1 and so it is not possible to clone repos that way.

This is because OAuth 1 requires requests to be uniquely signed. The token itself is merely one of the input variables for the cryptographic signing process that git and hg do not support.

Now we did indeed recently add support for OAuth 2 which, despite its name, is a very different protocol and does not include cryptographic signing. As a result, OAuth 2 tokens can be used to clone over https.

Here's a dump of me creating a new OAuth 2 access/bearer token and using it to clone one of my private repos:

$ curl https://bitbucket.org/site/oauth2/access_token \
  -d grant_type=client_credentials \
  -u dqN7QFLwJEcHsHadYw:pzvZG25WEDqbm9aeUVRHtQRHgTRgDr9t
{
  "access_token": "He1rBW1eYAzmT3ePJcvYDtkIcF1Pb1izZHo8oqpKMEL5ivsku71qkjfumVgR2bWsCiRM7XeEmbVffxU92w==",
  "scopes": "repository email",
  "expires_in": 3600,
  "refresh_token": "pfcnxSpXNPAeTcYhcQ",
  "token_type": "bearer"
}
$ git clone "https://x-token-auth:JU5dAtlMD30BisLpDkIap7T18Ry9v6p0Xif4owkQUyen_rLx5_B3PjjeqhLhpde0ezR1wyGLeqYE2HA49A==@bitbucket.org/evzijst/crypt"
Cloning into 'crypt'...
remote: Counting objects: 26, done.
remote: Compressing objects: 100% (25/25), done.
remote: Total 26 (delta 8), reused 0 (delta 0)
Unpacking objects: 100% (26/26), done.
Checking connectivity... done.

Now be aware that OAuth 2 tokens expire in an hour. After that they will cease to work. Depending on how you obtained the access token you may have a refresh token. You can use this refresh token to issue a new access token immediately before attempting to clone, to avoid expiration.
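
As an added example (not part of the answer above and not Bitbucket's own code): a git credential helper that requests a fresh client_credentials token for each git operation and returns it under the x-token-auth username, so the one-hour expiry is handled and the token does not have to be written into the remote URL. BB_KEY and BB_SECRET are assumed environment variable names.

```shell
#!/bin/sh
# Added example: git credential helper for Bitbucket OAuth 2 tokens.
# BB_KEY and BB_SECRET are assumed names for the consumer key and secret.
TOKEN_URL="https://bitbucket.org/site/oauth2/access_token"

# Ask Bitbucket for a token. The key:secret pair goes to curl as a config
# line on stdin, so it does not show up in the process list.
fetch_token_json() {
  printf 'user = "%s:%s"\n' "$BB_KEY" "$BB_SECRET" |
    curl --silent --fail --config - -d grant_type=client_credentials "$TOKEN_URL"
}

# Pull the access_token value out of the JSON reply (pretty-printed or not).
extract_access_token() {
  sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Handle git's "get" request: key=value lines on stdin, ended by a blank line.
credential_get() {
  protocol='' host=''
  while IFS='=' read -r key value; do
    [ -z "$key" ] && break
    case "$key" in
      protocol) protocol=$value ;;
      host) host=$value ;;
    esac
  done
  # Only answer for https://bitbucket.org; stay silent for anything else.
  [ "$protocol" = "https" ] && [ "$host" = "bitbucket.org" ] || return 0
  token=$(fetch_token_json | extract_access_token)
  [ -n "$token" ] || return 1
  printf 'username=x-token-auth\npassword=%s\n' "$token"
}

# git runs the helper with get, store or erase. Nothing is cached here, so
# only "get" does any work and each call obtains a fresh one-hour token.
if [ "${1:-}" = "get" ]; then
  credential_get
fi
```

Register the script with `git config --global credential.https://bitbucket.org.helper /path/to/script` (the path is a placeholder), then clone `https://bitbucket.org/owner/repo.git` with no credentials in the URL.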

Solution 4

To manipulate Bitbucket repository with token:

  1. First you create an "OAuth" in the access management section of your Bitbucket account settings. This gives you a "Key" and a "Secret". You have done this bit.

  2. Now using these Key and Secret you ask Bitbucket for a token. In my case I made an HTTP request to https://bitbucket.org/site/oauth2/access_token. I could do it with curl or some Ajax library like this:

    curl -X POST -u "yourKeyHere:yourSecretHere"  https://bitbucket.org/site/oauth2/access_token -d  grant_type=client_credentials
    

    Alternatively, my HTTP request was like this (using superagent in Node), with my Content-Type set to application/x-www-form-urlencoded; you can use Postman:

    request.post("https://yourKeyHere:yourSecretHere@bitbucket.org/site/oauth2/access_token").send('grant_type=client_credentials');
    

    the result is like this:

    {
       "access_token": "blah blah blah HXAhrfr8YeIqGTpkyFio=",
       "scopes": "pipeline snippet issue pullrequest project team account",
       "expires_in": 3600,
       "refresh_token": "hsadgsadvkQ",
       "token_type": "bearer"
    }
    
  3. Now that you have the "access_token", clone a private repo with it. But the url to your repo should be like this (keep the bracket around token):

    https://x-token-auth:{tokenHere}@bitbucket.org/yourRepoOwnerHere/RepoNameHere.git
    

Solution 5

I know this is a fairly old thread, but, just in case, I wrote my own credential store to manage bitbucket's token:

https://github.com/gildas/git-credential-bitbucket

Author by

Gábor Domonkos

Updated on April 21, 2020

Comments

  • Gábor Domonkos
    Gábor Domonkos about 4 years

    I followed this documentation to get a token value and a token secret from bitbucket:
    https://confluence.atlassian.com/display/BITBUCKET/OAuth+on+Bitbucket

    After that I want to push/pull to a given repo by using that token.

    At Github I can use the token like this way: https://help.github.com/articles/git-automation-with-oauth-tokens#step-2-clone-a-repository

    My question is how can I use this kind of http authorization at bitbucket (mercurial/git)?

    • VonC
      VonC almost 9 years
      Since June 2015, this seems officially supported. I have edited my answer below accordingly.
  • Chris
    Chris almost 9 years
    Do you know if Bitbucket has any plans to make non-expiring auth tokens? If I'm not mistaken, your remote repository URL will become invalid when your token expires, meaning you won't be able to perform any actions on the remote until you refresh for a new access token and update the url with that new access token. That's quite a nuisance for either the user or the developer of a GIT client to maintain on an hourly basis. Even if the GIT client handles everything properly, the repository will be unusable in any other GIT clients the user uses after that hour passes.
  • Erik van Zijst
    Erik van Zijst over 8 years
    Yes, we're currently adding non-expiring API tokens, which might be named "App Passwords" by the time we announce them (naming is still being discussed).
  • nazikus
    nazikus over 8 years
    Is it possible to obtain access token without callback url? I receive invalid url "No callback uri defined for the OAuth client" when using your example with curl request.
  • mariowise
    mariowise over 8 years
    Here is everything in a single command line git clone "https://x-token-auth:$(curl -X POST -u "[CONSUMER_KEY]:[CONSUMER_SECRET]" https://bitbucket.org/site/oauth2/access_token -d grant_type=client_credentials | grep -Po '(?<="access_token": ")[^"]*')@bitbucket.org/[USER_OR_COMPANY]/[REPO_NAME].git"
  • Nicolás Ozimica
    Nicolás Ozimica over 7 years
    Here is a one-liner for tcsh: git clone https://x-token-auth:`curl -X POST -u "[CONSUMER_KEY]:[CONSUMER_SECRET]" https://bitbucket.org/site/oauth2/access_token -d grant_type=client_credentials | grep -Po '(?<="access_token": ")[^"]*'`@bitbucket.org/[USER]/[REPO]
  • Sunil Sharma
    Sunil Sharma about 7 years
    Above description is false.
  • Vahid PG
    Vahid PG about 7 years
    @SunilSharma really? Which bit of it? I've been using it.
  • Sunil Sharma
    Sunil Sharma about 7 years
    `request.post("yourKeyHere:yourSecretHere@bitbucket.org/site/oauth2 access_token").send('grant_type=client_credentials');` not working
  • Bruce Sun
    Bruce Sun about 7 years
    @nazikus Just add callback url in your oauth consumer settings and try again, it won't really take you to that url when you request an access token.
  • Bruce Sun
    Bruce Sun about 7 years
    @ErikvanZijst Hi! Is your method documented in Bitbucket official documentation?
  • Rohan Nicholls
    Rohan Nicholls almost 7 years
    The docs seem to have this wrong with the x-token-auth in place of the user name, as it does not work for me, but the link @Psymatix left above, works.
  • Rohan Nicholls
    Rohan Nicholls almost 7 years
    The second [your_user_name] could be the name of the user/group that is the owner of the repo. So, if you are bubba, and the repo is owned by shrimpingcorp, the url would look like: https://bubba:[app_password]@bitbucket.org/shrimpingcorp/[repo_name].git
  • oyelaking
    oyelaking over 6 years
    What of git pulling? How does one perform a git pull later?
  • Randy L
    Randy L almost 6 years
    As of today I get an error message like "If you log in via a third party service you must ensure you have an account password set in your account profile." when I try to simply git clone https://x-token-auth:{tokenHere}@bitbucket.org/yourRepoOwnerHere/RepoNameHere.git. Hoping this works with plain-old API endpoints in their v2 API.
  • Randy L
    Randy L almost 6 years
    I took off the .git and put double quotes around the whole URL and bingo!
  • SacWebDeveloper
    SacWebDeveloper almost 6 years
    Now if we could just get JWT tokens!
  • Arto Bendiken
    Arto Bendiken about 5 years
    @ErikvanZijst Four years later, whatever became of the non-expiring API access tokens?
  • Erik van Zijst
    Erik van Zijst about 5 years
    @ArtoBendiken they were released years ago: confluence.atlassian.com/bitbucket/app-passwords-828781300.html