Using BITBUCKET_STEP_OIDC_TOKEN for Bitbucket API Authentication

Sjoerd de Vries
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
February 16, 2024

Hello Bitbucket Community,

I'm currently automating some of our workflows using Bitbucket Pipelines and faced an issue when trying to authenticate API requests to Bitbucket's REST API. I attempted to use `BITBUCKET_STEP_OIDC_TOKEN` for this purpose, specifically to post comments on pull requests. Here's the curl command I used:

```sh
curl --request POST \
--url 'https://api.bitbucket.org/2.0/repositories/${BITBUCKET_WORKSPACE}/${BITBUCKET_REPO_SLUG}/pullrequests/${BITBUCKET_PR_ID}/comments' \
--header 'Authorization: Bearer ${BITBUCKET_STEP_OIDC_TOKEN}' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{ "content": { "raw": "what" } }'
```

However, this approach doesn't seem to work, and I suspect the `BITBUCKET_STEP_OIDC_TOKEN` might not be valid for this type of API request. I would appreciate any guidance on the following:

1. Is `BITBUCKET_STEP_OIDC_TOKEN` intended for use with Bitbucket's own API?
2. What is the recommended method for posting PR comments from a pipeline?

 

Any advice or examples would be greatly appreciated.

Thank you in advance for your help!

1 answer

1 accepted

2 votes
Answer accepted
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 19, 2024

Hi Sjoerd,

OIDC is used if you want to connect to external resource servers, such as AWS, GCP, or Vault. In these cases, if you set up OIDC, the $BITBUCKET_STEP_OIDC_TOKEN will allow you to access these resource servers. It cannot be used for authentication with Bitbucket Cloud API calls.

You can see the available ways of authenticating with API calls here:

You could create for example a Repository Access token with Pull requests permissions. You can store it in a secured variable (from Repository settings > PIPELINES Repository variables) and then use it in the API call.

You can find more info on Repository Access tokens here:

Please feel free to reach out if you have any questions!

Kind regards,
Theodora

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events