Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,461,552
Community Members
 
Community Events
176
Community Groups

authentication using app password failing since 4 hours ago

Edited

I'm using wget or cURL to download resources from bitbucket repositories.

Starting from March, 10th 6:00PM GMT I'm receiving this message:

Bitbucket Cloud recently stopped supporting account passwords for API authentication.
See our community post for more details: https://atlassian.community/t5/x/x/ba-p/1948231
App passwords are recommended for most use cases and can be created in your Personal settings:
https://bitbucket.org/account/settings/app-passwords/
For more details on API authentication methods see our documentation:
https://developer.atlassian.com/cloud/bitbucket/rest/intro/#authentication

even if using username (not email) + app password, both with Basic Authentication Header or username:apppassword  

app password has been created with all the available permissions checked.

 

5 answers

1 accepted

1 vote
Answer accepted

actually resolved by changing the host from

https://bitbucket.org/company/repo/download/resource

to 

https://api.bitbucket.org/2.0/repositories/company/repo/download/resource

basic authentication still functional using api url.

Figured out how basic authentication still works through cURL, Wget or similar.

Use your username and then create an App password here: https://bitbucket.org/account/settings/app-passwords/

 

This was discovered by an API response with this message:

 

See our community post for more details: https://atlassian.community/t5/x/x/ba-p/1948231

App passwords are recommended for most use cases and can be created in your Personal settings:

https://bitbucket.org/account/settings/app-passwords/

For more details on API authentication methods see our documentation:

https://developer.atlassian.com/cloud/bitbucket/rest/intro/#authentication

There must have been a change in the basic auth authentication part of the API. As the others here also noted, requests via basic auth started failing for me in the last weeks.

The answer over at https://community.atlassian.com/t5/Bitbucket-questions/Re-How-use-List-Pull-Requests-API-with-App-Passwords-an/qaq-p/1971625/comment-id/79503#M79503 did give me the solution.

 

[...] to use app passwords in basic auth, the username you'd use is your Bitbucket username [...]

I was using my email address in combination with the app password before. As soon as I changed it to username plus app password the requests were successful again.

I was using my email address in combination with the app password before. As soon as I changed it to username plus app password the requests were successful again.

Don't know if they fixed that already, but it didn't work with username or email when I last time answered this thread.

My original code was using username for that since the beginning. My current oauth method seems to be stable now also.

seems that User-Agents "curl" and "wget" has been blacklisted

Even postman throws you error if you have 'Authorization' header with 'Basic bearer' included. Without word 'Basic' we get HTML page.

User-agent doesn't seem to matter as it also has 'User-agent': 'PostmanRuntime/7.29.0'


Error we got in postman:

Error: Exceeded maxRedirects. Probably stuck in a redirect loop https://bitbucket.org/account/signin/?next=...

if you override User-Agent header set to 'curl' or 'wget' you will see the same error when using curl (or wget)

Like villeviitaharju likes this

Good point, totally missed that one..

So other user agents just go to redirect loop while wget/curl show error (but are both broken).

Like Alan Casalboni likes this

Same issue here (using node request instead of curl, but same method with basic auth).

And when using CURL, it response shows app password error while using app password.

Update:
Changed our code to use OAuth instead of basic auth.
So instead of one simple step, we had to do multiple steps to archieve the same results..

So using OAuth works?

Yep, OAuth works. But it is just much more work compared to basic auth.

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events