A bit more than a week ago (Jun 28) I moved over to API tokens. All went well and I was able to use Sourcetree with the new token to make commits to an active repository. Fast-forward to today and I'm now getting the error message
remote: CHANGE-3222 - Functionality has been deprecated
remote: App passwords are deprecated and must be replaced with API tokens.
I've verified that sourcetree is working with my API token. (Sourcetree no longer has anything but the app-specific API token.) I've also verified that the token's expiration date is well into the future.
Thoughts/suggestions?
That error means Bitbucket is still getting an app password, not your token. CHANGE-3222 only fires on an app-password request, so despite switching the token over, something is still sending the old credential. The token isn't in play yet.
It's a cached credential. Git and the OS hold the old app password and keep resending it — Windows Credential Manager (the bitbucket.org entry), macOS Keychain, or your git credential helper. Clear the bitbucket.org entry there so the stale password stops going out.
Then check the username paired with the token, because the prefix depends on the token type. An Atlassian API token uses x-bitbucket-api-token-auth; a repository or workspace Access Token uses x-token-auth; an app password used your Bitbucket username. Get that wrong and the request falls back or fails. The token also needs read:repository:bitbucket, plus write:repository:bitbucket if you push.
If you're going through SourceTree or another client rather than the command line, same thing — remove the account and re-add it on the API Token auth type so it stops carrying the old credential.
Keep in mind the API token expiry date, too. I think the default is only one week when you create it.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.