Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Git push using OAuth 2.0 token is not working: "remote: Invalid credentials"

marta_valls
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
March 21, 2024

I'm trying to push some changes from a script locally. 
I already created a consumer for OAuth 2.0 following the Use OAuth on Bitbucket Cloud guide. Already obtain the token from https://bitbucket.org/site/oauth2/access_token successfully.
But when I try to push my changes (after adding and commit my changes):

git_url = f"https://oauth2:{oauth_token}@bitbucket.org/{my_repository}.git"
result = subprocess.run(["git", "push", "-u", git_url, source_branch], capture_output=True, text=True)

I got this error (token and repo anonymized for security purposes):

(Pdb) result
CompletedProcess(args=['git', 'push', '-u', 'https://oauth2:XXXXXXXXX@bitbucket.org/YYYYYYYYY.git', 'upgrade-version'], returncode=128, stdout='', stderr="remote: Invalid credentials\nfatal: Authentication failed for 'https://bitbucket.org/YYYYYYYYY.git/'\n")

To ensure I'm not using the wrong repository I directly copied and pasted from navigator by clicking in clone report and contains Workspace+repository name

To obtain the OAuth Token:

def obtain_oauth_token(client_id, client_secret):
# Bitbucket OAuth token endpoint
token_url = "https://bitbucket.org/site/oauth2/access_token"

# OAuth token request parameters
data = {
"grant_type": "client_credentials"
}

# OAuth client credentials for authentication
auth = (client_id, client_secret)

try:
# Send POST request to obtain OAuth token
response = requests.post(token_url, data=data, auth=auth)

# Check if request was successful
if response.status_code == 200:
# Parse JSON response and extract access token
token_data = response.json()
access_token = token_data.get("access_token")
return access_token
else:
error_data = response.json()
print(f"Failed to obtain OAuth token: <{response.status_code}> {error_data['error_description']}")
return None
except Exception as e:
print("Error:", e)
return None


Also, I tried to:

command = ["git", "remote", "add", "oauth", f"https://oauth2:{oauth_token}@{repository_url}"]
result = subprocess.run(command, capture_output=True, text=True)

and later push using oauth:

result = subprocess.run(["git", "push", "oauth", source_branch], capture_output=True, text=True)

But I'm having same issue than before:

(Pdb) result
CompletedProcess(args=['git', 'push', 'oauth', 'upgrade-version'], returncode=128, stdout='', stderr="remote: Invalid credentials\nfatal: Authentication failed for 'https://bitbucket.org/YYYYYYYYY.git/'\n")

Also I tried with https://x-token-auth:{oauth_token}@bitbucket.org/{repository}.git:

git_url = f"https://x-token-auth:{oauth_token}@bitbucket.org/{repository}.git"
result = subprocess.run(["git", "push", "oauth", source_branch], capture_output=True, text=True)

But it didn't work either

Can someone help me on this? 

1 answer

1 vote
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 25, 2024

Hi Marta and welcome to the community!

The correct remote URL when using an access token is

https://x-token-auth:{access_token}@bitbucket.org/{workspace-id}/{repo}.git

The literal string x-token-auth as a substitute for username is required.

Our access tokens expire in two hours, so in case you used the correct URL with an access token that was generated more than two hours ago, the operation will fail.

If you are still experiencing issues, I would suggest posting in the developer community which is specifically for development questions:

Kind regards,
Theodora

 

marta_valls
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
March 31, 2024

Hello Theodora, 
Thanks for the reply!

Yes, my internal variable `repository` is the workspace + repo and I also tried including literal string `x-token-auth` but I'm having same error. 
I already posted on the developer community: https://community.developer.atlassian.com/t/bitbucket-cloud-git-push-using-oauth-2-0-token-is-not-working-remote-invalid-credentials/78748 

Kind regards,
Marta

Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 2, 2024

Hi Marta,

I see that you don't have admin access to the workspace you are a member of. Did an admin provide you with the consumer key and secret?

I would suggest double-checking the following:

1. Confirm that the consumer key and secret you are using are correct

2. Confirm that the consumer has Repositories - Read and Write permissions

3. Confirm that the option This is a private consumer is checked

4. Ensure that there are no curly brackets in the URL around access_token, workspace-id, and repo

https://x-token-auth:{access_token}@bitbucket.org/{workspace-id}/{repo}.git

5. For testing purposes, generate an access token by running the following curl command on your terminal, where client_id and secret replace with the key and secret of your consumer

curl -X POST -u "client_id:secret" \
https://bitbucket.org/site/oauth2/access_token \
-d grant_type=client_credentials

Then, use the access token provided by the curl command and try to clone the repo from terminal with git, with the command

git clone https://x-token-auth:{access_token}@bitbucket.org/{workspace-id}/{repo}.git

Again, no curly brackets in the URL. Then, create a commit in that clone and try to push. This is to narrow down if the issue is specific to your script or not.

Kind regards,
Theodora

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events