What are you doing??? I thought the problem was solved for me because it worked on March 9 and stopped working again today "remote: Bitbucket Cloud recently stopped supporting account passwords for Git authentication." This is irritating!
We have had problems since Friday with Team City server. It was still working fine until then with standard https credentials but we have tried using an app password to connect and all I can get is a 'not authorized' error - which basically means Bitbucket is refusing the request.
We have tried every possible combination of repo name an can get a response using Git Bash on the Teamcity server (using curl) but it looks like Bitbucket is blocking access even with the full permission app password over https. Has anyone been able to resolve this? The next step is to try SSH but this really shouldn't be necessary.
I'm using OAuth as my authentication method from SourceTree and it has stopped working due to these changes. I have generated an app password but actually I dont think this change should affect me because I'm not using basic authentication. There is nowhere for me to update the password as I'm using a token. help please.
@Kennedy can you please provide more details so I can try and assist you. Did you update the connected Bitbucket Cloud repository's credentials? username should be the bitbucket username and password should now be the app password
Hello @David Dansby I appreciate you for reaching out.
I created app passwords for my service accounts and my individual accounts. As a test, the app passwords had full access permissions. These accounts proper access to the repos in question.
I updated the Shared Credentials to use proper username (not email address) and changed the password to the newly created app passwords.
In the Linked Repos, I made sure the proper shared credentials were selected, then clicked "Load Repositories". I will get this error.
Failed to load data from Bitbucket. [403 Forbidden]
I know there was a warning about cached passwords on the agents, so I made sure to clear the git caches, and wait an hour to a day between retries.
Atlassian Team members are employees working across the company in a wide variety of roles.
March 14, 2022 edited
@Chris Clancy have you verified the app password works to push/pull from your repository from a personal terminal window versus using teamcity? We had one user who mentioned earlier in the comments the Git remote URL included the email as a username but for app passwords email as username is not allowed, it must be the Bitbucket Cloud username.
Also, can you tell me the exact error you get? Is it just "Not authorized"?
Atlassian Team members are employees working across the company in a wide variety of roles.
March 14, 2022 edited
@svenbader if you are receiving that error message you need to update your credentials to use an app password. When we talked previously, as I mentioned, the issue you were experiencing then was not related to this removal of account passwords for app passwords. To resolve the issue you need to create to an app password and use that in place of your account password when using Git over HTTPS (and the BItbucket Cloud API). Things to note:
make sure you use your Bitbucket Cloud username as your username with an app password (email as username doesn't work)
your existing account password could be saved in a credential helper/store on your computer. You will need to update that to use your new app password instead
The good news is this new app password approach does work for our build pipelines in Azure DevOps. All we had to do was use the new app password in place of the user account password.
The bad news is all our CI and PR Validation build triggers stopped working on March 10th. I've added the web hooks, pull request, and repository (read, write, admin) permissions to our app password, but they no longer fire for any of our branches. Do you have any suggestions on how to troubleshoot this issue?
Atlassian Team members are employees working across the company in a wide variety of roles.
March 14, 2022 edited
@Tom Soderling have you tried using an app password with pipelines scopes or just testing at first with an app password with all scopes?
Also, did you ensure the username for the credentials that your CI and PR validation builds are using your Bitbucket Cloud username and not email address? Email address as username is not allowed with app password authentication.
Yeah, today I tried enabling all the app password scopes - besides a few that didn't seem necessary.
Yes, we are using our bitbucket username, not email. The builds work great. We're able to fetch all code from bitbucket and build. It's just a trigger issue.
We've opened a support ticket too. Just curious if someone else has run into this.
Atlassian Team members are employees working across the company in a wide variety of roles.
March 14, 2022 edited
Odd, I'm not entirely sure of the cause for issue @Tom Soderling. From my knowledge you are the first to bring this up. Thanks for opening a support ticket.
If support helps you resolve the issue and if you can (no worries if you can't) can you please post your fix here, just in case someone else experiencing the same issue comes here searching for a fix.
This broke my ability work from Visual Studio via git (on windows). What do I need to do to be able to sync from visual studio? I used to be able to use my bitbucket.org username/password - now, although I'm entering correct un/pw - it won't let me.
Same for command line git. What username/password should I use? How exactly do I use git from command line after this change?
I need to check in urgently and I can not. Pls point to a resource to help me.
@David Dansby thanks for the reply. Yes I have verified this morning that I can clone/pull the bitbucket repo on the Teamcity server using the app password and username - I had never done it before so was a first time success. Cloning was the HTTPS version using the username in the URL.
I have updated the default password in Teamcity settings and also changed the VCS (repo) Url at project level to include the Bitbucket username, so it is in this format:
Failed to collect changes, error: List remote refs failed: org.eclipse.jgit.errors.TransportException: https://bitbucket.org/<orgname>/<repo>.git: not authorized
Full error:
Failed for the root '"*** Bitbucket" {instance id=626, parent internal id=1, parent id=***Bitbucket, description: "https://<username>@bitbucket.org/<org>/<repo>.git#testing/tagging-features"}: List remote refs failed: org.eclipse.jgit.errors.TransportException: https://bitbucket.org/<orgname>/<repo>.git: not authorized
I have also tried to reboot the server after updating those details, just in case it is caching.
But what I also notice is that if I use the repo UR in the browser (already logged in to bitbucket as that user) https://<username>@bitbucket.org/<orgname>/<repo>.git it just hangs and doesn't load fully unless I refresh the page.
I am struggling with this thing for a while now. I came to read the documentation and under "What effect do these changes have on me and what do I need to do?" I can read potential effects but nothing on what I should do! I created an App Password but I am not sure where to use it. Any idea?
Deploys delayed all over the place because users can't get their code committed, hours per day in credentials manager trying to sort access only to have it reset next day. I've never seen the like.
Besides that this forced change is probably an efficient way to reduce a user base, I would not agree that it is desirable from a security/privacy perspective. Responsible users prefer to chose their passwords themselves, rather than having it generated "as a service". In the end most users will either way create exactly one app password with full privileges and this way substitute their previous credentials.
Everything is broken. I've followed the bits and pieces of instructions I've been able to find, but I just can't get it to work.
Atlassian, this is unforgivable. You've just broken all your users' connections to their repositories, and haven't provided clear instructions as to how to fix it.
Expecting us all to scroll through hundreds of comments in the vain hope of finding a solution is not acceptable.
Atlassian, please consider undoing this change until you have it working, and, crucially, are able to provide us with step-by-step instructions on how to move to app passwords, in a way that works.
I dont know if this changes is the reason but I cannot update my submodule since march using "submodule update " or "git submodule foreach git pull origin master".
The error shows the Authentification faild for http ~ .
I have no issue pulling / pushing master but not for submodule.
For Sourcetree users you need to tell us where to find the fabled setting of the git URL to check that we are using a userID instead of an email address. I cant find it anywhere. It is a repository property? It is an account property? Where? what? Remember the reason some of us use SourceTree is so that we do not have to become git experts.
As instructed, before March I generated an app password, added them to my SourceTree. Now I can no longer commit.
As others have said, please start over, enable us all again and then try to roll this out when Sourcetree for windows can handle the issue and it has been tested.
283 comments