Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Git push using OAuth 2.0 token is not working: "remote: Invalid credentials"

marta_valls
marta_valls
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
March 21, 2024

I'm trying to push some changes from a script locally. 
I already created a consumer for OAuth 2.0 following the Use OAuth on Bitbucket Cloud guide. Already obtain the token from https://bitbucket.org/site/oauth2/access_token successfully.
But when I try to push my changes (after adding and commit my changes):

git_url = f"https://oauth2:{oauth_token}@bitbucket.org/{my_repository}.git"
result = subprocess.run(["git", "push", "-u", git_url, source_branch], capture_output=True, text=True)

I got this error (token and repo anonymized for security purposes):

(Pdb) result
CompletedProcess(args=['git', 'push', '-u', 'https://oauth2:XXXXXXXXX@bitbucket.org/YYYYYYYYY.git', 'upgrade-version'], returncode=128, stdout='', stderr="remote: Invalid credentials\nfatal: Authentication failed for 'https://bitbucket.org/YYYYYYYYY.git/'\n")

To ensure I'm not using the wrong repository I directly copied and pasted from navigator by clicking in clone report and contains Workspace+repository name

To obtain the OAuth Token:

def obtain_oauth_token(client_id, client_secret):
    # Bitbucket OAuth token endpoint
    token_url = "https://bitbucket.org/site/oauth2/access_token"

    # OAuth token request parameters
    data = {
        "grant_type": "client_credentials"
    }

    # OAuth client credentials for authentication
    auth = (client_id, client_secret)

    try:
        # Send POST request to obtain OAuth token
        response = requests.post(token_url, data=data, auth=auth)

        # Check if request was successful
        if response.status_code == 200:
            # Parse JSON response and extract access token
            token_data = response.json()
            access_token = token_data.get("access_token")
            return access_token
        else:
            error_data = response.json()
            print(f"Failed to obtain OAuth token: <{response.status_code}> {error_data['error_description']}")
            return None
    except Exception as e:
        print("Error:", e)
        return None


Also, I tried to:

command = ["git", "remote", "add", "oauth", f"https://oauth2:{oauth_token}@{repository_url}"]
result = subprocess.run(command, capture_output=True, text=True)

and later push using oauth:

result = subprocess.run(["git", "push", "oauth", source_branch], capture_output=True, text=True)

But I'm having same issue than before:

(Pdb) result
CompletedProcess(args=['git', 'push', 'oauth', 'upgrade-version'], returncode=128, stdout='', stderr="remote: Invalid credentials\nfatal: Authentication failed for 'https://bitbucket.org/YYYYYYYYY.git/'\n")

Also I tried with https://x-token-auth:{oauth_token}@bitbucket.org/{repository}.git:

git_url = f"https://x-token-auth:{oauth_token}@bitbucket.org/{repository}.git"
result = subprocess.run(["git", "push", "oauth", source_branch], capture_output=True, text=True)

But it didn't work either

Can someone help me on this? 

Answer
Watch
Like Be the first to like this
1343 views

1 answer

1 vote
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 25, 2024

Hi Marta and welcome to the community!

The correct remote URL when using an access token is

https://x-token-auth:{access_token}@bitbucket.org/{workspace-id}/{repo}.git

The literal string x-token-auth as a substitute for username is required.

Our access tokens expire in two hours, so in case you used the correct URL with an access token that was generated more than two hours ago, the operation will fail.

If you are still experiencing issues, I would suggest posting in the developer community which is specifically for development questions:

Kind regards,
Theodora

 

View More Comments
marta_valls
marta_valls
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
March 31, 2024

Hello Theodora, 
Thanks for the reply!

Yes, my internal variable `repository` is the workspace + repo and I also tried including literal string `x-token-auth` but I'm having same error. 
I already posted on the developer community: https://community.developer.atlassian.com/t/bitbucket-cloud-git-push-using-oauth-2-0-token-is-not-working-remote-invalid-credentials/78748 

Kind regards,
Marta

Like
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 2, 2024

Hi Marta,

I see that you don't have admin access to the workspace you are a member of. Did an admin provide you with the consumer key and secret?

I would suggest double-checking the following:

1. Confirm that the consumer key and secret you are using are correct

2. Confirm that the consumer has Repositories - Read and Write permissions

3. Confirm that the option This is a private consumer is checked

4. Ensure that there are no curly brackets in the URL around access_token, workspace-id, and repo

https://x-token-auth:{access_token}@bitbucket.org/{workspace-id}/{repo}.git

5. For testing purposes, generate an access token by running the following curl command on your terminal, where client_id and secret replace with the key and secret of your consumer

curl -X POST -u "client_id:secret" \
https://bitbucket.org/site/oauth2/access_token \
-d grant_type=client_credentials

Then, use the access token provided by the curl command and try to clone the repo from terminal with git, with the command

git clone https://x-token-auth:{access_token}@bitbucket.org/{workspace-id}/{repo}.git

Again, no curly brackets in the URL. Then, create a commit in that clone and try to push. This is to narrow down if the issue is specific to your script or not.

Kind regards,
Theodora

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security