OAuth Implicit grant returns invalid access token for some users

Dan Abel, Jan 05, 2021

I am using the OAuth 2.0 Implicit grant from point 2 in the docs here: https://developer.atlassian.com/bitbucket/api/2/reference/meta/authentication

It works perfectly for almost all members of our team (20+), however there are 2 accounts where the token returned is invalid every time and the token they receive looks different to the ones that work. These 2 users cannot use the app I have built at all as a result.

An example of a correct response that works would be:

<callback URL>#access_token=FAKEaRs4L3FHKNtoncuywSMu4l8OCRfy25ac0VeVGavcRO1cOZvKeZ14woTOkCh6KJBBBlBctH52qZ7MRY9Sr7qzFPOcBfVA2eMRB6wvnrcATfbWdaqU9fSo&scopes=account+pullrequest%3Awrite&expires_in=7200&token_type=bearer

The token above has been replaced with a random string here, but it is 120 chars long, alphanumeric with the occasional dash sometimes. This can be used to make API calls for 2 hours before it needs refreshing.

The 2 accounts that do not work return something like this:

<callback URL>#access_token=8abc-FAKEaRs4L3FHKNtoncuywSMu4l8OCRfy25ac0VeVG_eZ14woTO_H52qZ7MRY9Sr7qz_BlBctH52qZ7MR-HKNtoncuywSMu4l-qsfPnjY2-FoydYlMLERQqinVbmMWL97_WgtZa01w%3D%3D&scopes=account+pullrequest%3Awrite&expires_in=7200&token_type=bearer

So the token here is longer than 120 chars and has underscores that make it look like the token is split into sections. It also has `%3D%3D` at the end of the token (or `==` if it has been URL decoded). This token does not work at any time.

I get the error message "Access token expired. Use your refresh token to obtain a new access token." if I try to use it, even if I use it straight away.

Does anyone know what is going on? Or how to fix it?
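The following is an added example, not part of the original post and not Atlassian's code. It shows one way to parse the implicit-grant callback fragment described above so that the `access_token` is percent-decoded exactly once before it goes into an `Authorization` header, which is worth ruling out when a token arrives ending in `%3D%3D`. The function names and the sample callback URL are hypothetical, and the example does not establish that encoding is the cause of the failure reported here.

```javascript
// Added example: parse an OAuth 2.0 implicit-grant callback fragment.
// Function names are hypothetical; nothing here is Bitbucket-specific code.

function parseImplicitCallback(callbackUrl) {
  const hashIndex = callbackUrl.indexOf('#');
  if (hashIndex === -1) throw new Error('no fragment in callback URL');
  const fragment = callbackUrl.slice(hashIndex + 1);

  // Raw (still percent-encoded) token, kept only to compare with the decoded one.
  const rawMatch = /(?:^|&)access_token=([^&]*)/.exec(fragment);
  if (!rawMatch) throw new Error('no access_token in fragment');
  const rawToken = rawMatch[1];

  // URLSearchParams applies form decoding: %XX becomes the character,
  // '+' becomes a space (which is why "account+pullrequest" splits into scopes).
  const params = new URLSearchParams(fragment);
  const token = params.get('access_token');

  return {
    token,                              // value to send to the API
    rawToken,                           // value as it appeared in the URL
    wasEncoded: rawToken !== token,     // true if decoding changed anything
    length: token.length,
    scopes: (params.get('scopes') || '').split(' ').filter(Boolean),
    expiresIn: Number(params.get('expires_in')),
    tokenType: params.get('token_type'),
  };
}

function authorizationHeader(parsed) {
  // A %XX sequence surviving decoding suggests the value was encoded twice
  // somewhere between the redirect and this code; refuse to send it as-is.
  if (/%[0-9A-Fa-f]{2}/.test(parsed.token)) {
    throw new Error('token still contains percent-encoding after decode');
  }
  return `Bearer ${parsed.token}`;
}

// Constructed sample input (fake token, placeholder host).
const SAMPLE_CALLBACK =
  'https://app.example/callback#access_token=FAKE-abc_def%3D%3D' +
  '&scopes=account+pullrequest%3Awrite&expires_in=7200&token_type=bearer';
```

Comparing `rawToken` with `token` for a working and a failing account shows whether the app is sending the encoded or the decoded form in each case.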

0 answers
