Personal Access Token for Bitbucket Cloud?

What is the reason behind lack of *personal access tokens* feature in Bitbucket cloud? 

As a developer, I find access tokens very handy when you are executing Git commands (i.e. clone, push, pull, etc). I use Github's personal access token on daily basis and it's super convenient. 

I guess I will have to disable 2FA in my bitbucket :( 

Hi @Raf, Bitbucket developer here.

I believe that App passwords that Ana referred to above are just what you're looking for. They were introduced exactly for the case when 2FA is turned on but some scoped access with basic auth is required.

Hope this helps.

Cheers!

Daniil

@Daniil Penkin - I'm curious why Atlassian didn't go with calling them "Personal access tokens"? :-)

Unlike personal access token app password is not enough to authenticate with Bitbucket Cloud, it also requires your username (login). So it is a password.

@Daniil Penkin - thanks for the quick response!

I want to use personal access token to give AWS amplify access, with bitbucket cloud that is not possible, is there a workaround for.

I have exactly the same case as @Yasar Ertekin ! AWS amplify does not provide option to use App passwords! I'm even trying to find a way to automatically create access tokens but no luck!

I'm in the same situation also with AWS Amplify. It would be great if personal access tokens were available for BitBucket so they could be used with CloudFormation to create Amplify Apps.

Update:

With help from AWS support I've been able to create an Amplify App using a CloudFormation template and the AWS::Amplify::App resource.

I set up an OAuth consumer and using the client_credentials flow I was able to get a short-lived access token. Once I adjusted the OAuth consumer permissions/scopes appropriately (repository:admin webhook pullrequest) then it allowed an access token with appropriate permissions to be using in the OauthToken CloudFormation parameter combined with the Repository parameter with the Repo URL.

This created an Amplify App linked to the BitBucket Repo. There's a bit more effort involved but it works.

Dear Allan Oliveir,

I have been trying to replicate your suggestion workflow for creating AWS Amplify app. However, I am having trouble generating an access_token from BitBucket  following client_credentials flow or even getting an oauth_token.

Any assistance would be appreciated. Would be happy to provide any details needed.

Hi Stanimir,

So long as you've created an OAuth Consumer in your workspace with the correct permissions you should be able to generate short-lived access tokens as needed.

My implementation uses the https://bitbucket.org/site/oauth2/access_token endpoint with the key and secret and the client_credentials grant_type. An example below in Python.

response = requests.post(
    url="https://bitbucket.org/site/oauth2/access_token",
    auth=(f"{oauth_key}", f"{oauth_secret}"),
    data={"grant_type":"client_credentials"}
)

Also with CURL it's straight forward to test e.g.

curl -X POST --user <OAuth consumer Key>:<OAuth consumer Secret> https://bitbucket.org/site/oauth2/access_token -d grant_type=client_credentials

Hope that helps, let me know if you need anymore guidance.

Is this "hack" still working? I've got this every time

{"error_description": "Cannot use client_credentials with a consumer marked as \"public\". Calls for auto generated consumers should use urn:bitbucket:oauth2:jwt instead.", "error": "invalid_grant"}

Hello @Yasar Ertekin,

Bitbucket Cloud doesn't have personal tokens (as in, single string), but it has app passwords (which meant to be used with your username replacing your regular password) and OAuth tokens instead.

Hope this helps.

Cheers,
Daniil

I tried to use app passwords, in place of personal access token, as mentioned but I can't push the change to Bitbucket Cloud because of insufficient permission (according to the message). What should I do? Thanks

The app password does not have push permission.