Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,559,582
Community Members
 
Community Events
184
Community Groups

Using APP PASSWORD to downlod zip of repo results in 403 telling me to log in

Alan Holden
Alan Holden Nov 09, 2021

Until recently, we had a CFML script which would pull down a complete zip file of our branch and parse it out to the server. The <cfhttp> tag attribute would look like this:

url="https://bitbucket.org/[account]/[project]/get/[branch].zip"

An Atlassian username and password was used, and everything worked fine. Obviously, we want to move to an APP PASSWORD account with reduced permissions - because our current method of using user credentials is going to be deprecated, right?

So, after playing around with permissions enough to get any response at all, we finally got this (the "contents" of the .zip file) from our latest attempt:

403 Forbidden
Your account is currently inactive. Because it's been a while since you logged in, you'll need to log in at https://bitbucket.org to get back in to your account.

I doubt that there's any way for an APP PASSWORD to actually "log in" at the bitbucket.org web site. This message seems like a red herring.

So I'm stumped. What is the server actually trying to tell us, what exactly are the permissions needed on an APP PASSWORD for our current endpoint above to continue working?

(We've tried Workplace=Read, Projects=Read, Repositories=Read, Pull requests=Read)

Thanks all,
Al

Answer
Watch
Like Be the first to like this
208 views

2 answers

1 accepted

0 votes
Answer accepted
Alan Holden
Alan Holden Nov 10, 2021

The 403 message is a red herring, and seems to avoid saying that the Label should not be substituted for the [account] name (see url above) when an app password is used.

IOW, every APP PASSWORD you create continues to employ [account] as the username.

I would suggest an Enhancement Request to add some hint wording to this effect - where App Passwords are created, perhaps a tooltip (?) next to the "Label" column header, or a faux "Username" header which just repeats the correct value on each row.
I suspect this would reduce the volume of support traffic from idiots like me.

View More Comments
Alan Holden
Alan Holden Nov 10, 2021

FYI It looks like the only permission needed was “Read” under “Pull requests”. 

Like
Reply
0 votes
Bharat Barot
Bharat Barot Apr 06, 2022

kutumb aap downlod

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

See all events