Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

SourceTree using OATH

Harper_ Peter
Harper_ Peter
April 23, 2026

I'm trying to get tokens to work in place of App passwords for SourceTree. But that totally failed to work so I have just wasted hours getting it back set up just to work as before. But I now don't seem to be able to use the app password but OATH works fine. I thought Atlassian had forced us to use App Passwords in the first place, but if I'm using OATH instead of basic authentication am I using the App Password for SourceTree at all?

Answer
Watch
Like Be the first to like this
127 views

1 answer

1 accepted

1 vote
Answer accepted
Ben
Ben
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 26, 2026

Hi @Harper_ Peter 

App Passwords are in the process of deprecation in favour of personal API tokens, as per our announcement post:

We'd recommend switching to personal API token instead, below are the instructions for Sourcetree.

 

To get started using API tokens with Sourcetree, you'll need to create the API token in Bitbucket Cloud and specify the necessary scope to connect to your account, view your workspaces as well as work with your repositories in the Sourcetree UI.
Some configuration is necessary to be performed on the Sourcetree end as well, so I will cover all of this step-by-step below:
Step 1: Creating the API token:
You'll need to create the API token and make sure that you first specify the correct scope (see: deprecation documentation)

  1. Click the gear cog icon, select Atlassian Account settings > Security tab > Create and manage API Tokens

  2. Click Create API token with scopes and select Bitbucket Cloud

  3. If you want to be able to authenticate against your user account, view your data, and work with your repositories ( clone/push/pull to the repo, work with PR's (optional) - you'll need to tick all of the following scopes: 
    read:user:bitbucket
    read:workspace:bitbucket
    read:repository:bitbucket
    write:repository:bitbucket
    read:pullrequest:bitbucket (optional)
    write:pullrequest:bitbucket (optional)
    More information on scopes can be found in our API scopes documentation.

Step 2: Configuring in Sourcetree:
In Sourcetree, you'll need to perform the following steps:

  1. Make sure you're on at least Sourcetree v4.2.14 (Mac) or Sourcetree v3.4.24 (Windows) by clicking Check for Updates and installing any. These versions and above fully support API tokens, and thus, you will need to update to the latest version, as you will encounter issues with older versions.

  2. Confirm that the update was successful by clicking About Sourcetree and checking the version

  3. Once confirmed:
    (Windows)
    - Go to Tools > Options. From the Options dialog, select the Authentication tab.
    (macOS)
    - Go to Sourcetree > Preferences. From the dialog that options, select the Accounts tab.

  4. Select Edit to edit your account details or Add to add a new one

  5. Select Bitbucket as the host 

  6. Select API Token as the Auth Type

  7. Enter the user email tied to your Bitbucket Cloud user account into the User Email field

  8. Paste your API token from above into the API Token field

  9. Click OK or Save to save your account details.

Step 3: Cloning a new repository

  1. Once you’re ready to clone a new remote repository - you’ll need to click the Remote tab

  2. Find the repository you wish to clone and click the Clone button as normal - this will clone using the API token that you've configured in Step 2.

Step 4: Working with existing repositories

  1. By updating your configuration with your API token, Sourcetree will automatically update the remote repository authentication, so you may continue working with these repositories as normal.

Other Considerations

  • As API tokens have a configurable expiry date, once the expiry date has passed, you will need to create a new API token as per Step 1 and modify your settings in Sourcetree as per Step 2 to reflect this new token

Let me know how this goes.

Cheers!

- Ben (Bitbucket Cloud Support)

View More Comments
Harper_ Peter
Harper_ Peter
April 26, 2026

That wasn't really my question. I have set up an app password for SourceTree but I thought I had to use basic authentication in order to use that from SourceTree to authenticate. However I am actually using OATH with SourceTree and it works fine. So my question - "Is OATH using the App password I have set up?" or is it working perfectly well without using the app password, so I can just ignore your emails about tokens. I have already wasted days on trying to get tokens to work (I keep getting a message about not having permissions to use v2 API) so if I can just carry on using OATH with SourceTree then I will.

Like
Ben
Ben
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 27, 2026

Hi Peter,

You are correct in stating that App Password is basic auth, and you would need to use basic auth to authenticate using App Password. I suggested that you don't use App Password as it is being fully deprecated in June 2026. OAuth uses bearer token, so no - this would not be using the App Password.

There are no plans to deprecate OAuth tokens, so if you're using OAuth tokens without issue, then by all means - use OAuth as this is also a valid authentication type. If you decide to transition to API tokens at any point - we have guidelines on the scopes that need to be configured in our API scopes documentation (they vary depending on the endpoint that you wish to query).

Cheers!

- Ben (Bitbucket Cloud Support)

 

Like
Harper_ Peter
Harper_ Peter
May 11, 2026

That worked. The only clarification needed is that the email address used in step 7 of the SourceTree set up is not the user@bitbucket one. Also I think it is probably easier where starting from OAUTH set up in SourceTree rather than the AppPassword set up.

Thanks Ben

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2026 Atlassian
    Privacy Policy Notice at Collection Terms Security