I'm using PowerShell. I can successfully obtain an access token and refresh token by hitting https://bitbucket.org/site/oauth2/access_token with my OAuth client ID/key and secret from "https://bitbucket.org/[team]/workspace/settings/api".
However, I can't exchange the refresh token for a new access token. I am getting the following error:
"Client credentials missing; this request needs to be authenticated with the OAuth client id and secret"
This can only be a bug, because the whole point of refresh tokens is that you don't need to store the actual credentials (in this case OAuth consumer id/key and secret) in the meantime.
I have seen this:
$ curl -X POST -u "client_id:secret"
https://bitbucket.org/site/oauth2/access_token \
-d grant_type=refresh_token -d refresh_token={refresh_token}
But I think that needs expanding, because it's unclear whether I need to put the text "client_id:secret" as the user part, or substitute either "client_id" and/or "secret" for some other value, and if so, what.
I've tried using PowerShell's `Invoke-RestMethod` passing the client ID and refresh token both in the body and as the credentials and neither works. I must be doing something wrong.
At this point my only recourse is going to be to store the OAuth client ID/key and secret in Windows Credential manager and ask for a new access token every time I need one, and throw away the refresh tokens.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.