Using APP PASSWORD to download zip of repo results in 403 telling me to log in

Until recently, we had a CFML script which would pull down a complete zip file of our branch and parse it out to the server. The <cfhttp> tag attribute would look like this:

url="https://bitbucket.org/[account]/[project]/get/[branch].zip" 

An Atlassian username and password were used, and everything worked fine. Obviously, we want to move to an APP PASSWORD account with reduced permissions - because our current method of using user credentials is going to be deprecated, right?

So, after playing around with permissions enough to get any response at all, we finally got this (the "contents" of the .zip file) from our latest attempt:

403 Forbidden
Your account is currently inactive. Because it's been a while since you logged in, you'll need to log in at https://bitbucket.org to get back in to your account.

I doubt that there's any way for an APP PASSWORD to actually "log in" at the bitbucket.org web site. This message seems like a red herring.

So I'm stumped. What is the server actually trying to tell us, and what exactly are the permissions needed on an APP PASSWORD for our current endpoint above to continue working?

(We've tried Workplace=Read, Projects=Read, Repositories=Read, Pull requests=Read)

Thanks all,
Al

2 answers

1 accepted

0 votes
Answer accepted

The 403 message is a red herring, and seems to avoid saying that the Label should not be substituted for the [account] name (see url above) when an app password is used.

IOW, every APP PASSWORD you create continues to employ [account] as the username.

I would suggest an Enhancement Request to add some hint wording to this effect - where App Passwords are created, perhaps a tooltip (?) next to the "Label" column header, or a faux "Username" header which just repeats the correct value on each row.
I suspect this would reduce the volume of support traffic from idiots like me.

FYI It looks like the only permission needed was “Read” under “Pull requests”. 
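
The fix from the accepted answer, as an added example that is not part of the original posts: the username sent with the app password is the [account] name, never the app password's label, and the response is checked before anything is unpacked so a 403 body is not saved as the "zip". It assumes HTTP Basic authentication; `build_request`, `fetch_branch_zip` and the `send` hook are hypothetical names.

```python
import base64
import io
import urllib.error
import urllib.request
import zipfile


def build_request(account, project, branch, app_password):
    """Build the download request for the URL pattern in the question.

    The Basic-auth username is the account name, not the app password's label.
    """
    url = f"https://bitbucket.org/{account}/{project}/get/{branch}.zip"
    token = base64.b64encode(f"{account}:{app_password}".encode()).decode()
    return urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})


def _send_https(request):
    """Perform the real request and return (status, body), including on HTTP errors."""
    try:
        with urllib.request.urlopen(request, timeout=30) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def fetch_branch_zip(account, project, branch, app_password, send=None):
    """Return the archive bytes, or raise instead of handing back an error body.

    `send` is a hypothetical hook (request -> (status, body)) so the checks can
    be exercised offline; by default the real HTTPS request is made.
    """
    send = send or _send_https
    status, body = send(build_request(account, project, branch, app_password))
    if status != 200:
        # Surface the server's message rather than writing it to disk as a .zip.
        raise PermissionError(f"HTTP {status}: {body[:200].decode(errors='replace')}")
    if not zipfile.is_zipfile(io.BytesIO(body)):
        raise ValueError("response is not a zip archive; refusing to unpack it")
    return body
```
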

0 votes

kutumb aap downlod
