Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Is it possible to get an authentication token through OAuth 2.0 using an app password?

I am trying to let users of my application post issues directly to a repository. To do this, I have set up an account for the application that also has access to the repository. Before creating an issue we need to get an authentication token as per this article. I am looking to use the OAuth2.0 Password grant type and the password I wish to use is my app password as opposed to my actual password. This is because with the app password I can manage the scope of access that the password has and if it were to get exposed it does not pose a major security risk. 

 

Is this at all possible or should I be going about this in another way altogether?  

2 answers

1 accepted

1 vote
Answer accepted
Caroline R Atlassian Team Jan 06, 2022

Hi, @argentum47

Thank you for reaching out to Atlassian Community!

When creating an OAuth, you shouldn’t inform your password or an app password, so I would like to clarify where you are using a password. In case you would like to read the process to create an OAuth, you can access the following link:

What you could do is use an App password to authenticate this request instead of an OAuth.

Please feel free to correct me in case I have misunderstood something here.

Kind regards,
Caroline

Hi, @Caroline R 

 

As per the link you sent, I'm using one of the four RFC-6749 grant flows, specifically the password grant type. I'm realizing now that If I'm to use the app password, I can't use it to get the OAuth token but I should be using basic authentication instead.

 

Thank you for the assistance!

Hi @argentum47 

I believe the purpose of creating Oauth2.0 token is to use this as password instead of actual password in other applications so that it reduces to login over and again.

 Regards,

Vishwas

Hi @Vishwas N M ,

 

I realize now that using the App Password and Basic authentication is what I need to do.  Using an Oauth2.0 token wouldn't work for my use case as it expires. 

 

Thank you for your insight!

Like Vishwas N M likes this

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

📣 Calling Bitbucket Data Center customers to participate in research

Hi everyone, Are you Bitbucket DC customer? If so, we'd love to talk to you! Our team wants to dive deep to understand your long-term plans regarding Bitbucket DC and Atlassian Cloud. Do you plan...

185 views 2 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you