Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Invalid OAuth Client Credentials error when setting up BitBucket Autoscaler for BitBucket Pipelines

Alec Applegate
Alec Applegate
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 30, 2024

As the topic says, I'm getting the following OAuth error when deploying the runner-controller:

```

self._client.parse_request_body_response(r.text, scope=self.scope) File "/usr/local/lib/python3.10/site-packages/oauthlib/oauth2/rfc6749/clients/base.py", line 427, in parse_request_body_response self.token = parse_token_response(body, scope=scope) File "/usr/local/lib/python3.10/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 441, in parse_token_response validate_token_parameters(params) File "/usr/local/lib/python3.10/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 448, in validate_token_parameters raise_from_error(params.get('error'), params) File "/usr/local/lib/python3.10/site-packages/oauthlib/oauth2/rfc6749/errors.py", line 399, in raise_from_error raise cls(**kwargs) oauthlib.oauth2.rfc6749.errors.UnauthorizedClientError: (unauthorized_client) Invalid OAuth client credentials

```

What I've done so far:

1. Created OAuth Consumer for my workspace.

2. Gave the Consumer account:read, runner:write, repository:read permissions.

3. Gave the Consumer a dummy callback URL e.g. `http://localhost:8080`

4. Made the Consumer private

5. Copied the Client ID and Secret from the newly created consumer

6. Ran `echo <CLIENT_ID> | base64` and `echo <SECRET> | base64`

7. Copied the resulting encrypted strings and put them in the kustomization.yaml file, replacing the "" under bitbucketOauthClientId and bitbucketOauthClientSecret so that the file now reads e.g. `value: <MY_BASE64_STRING>`

8. Uncommented Option 1 for both the secret and deployment

9. Ran `kubectl apply -k values`

10. No errors during deployment, but the runner-controller pod is stuck in crash loop with the error from above.

Answer
Watch
Like Sabine Mayer likes this
749 views

2 answers

0 votes
Adilla Rhiskani S
Adilla Rhiskani S April 10, 2025

@Alec Applegate did you solved this problem? because I have same issue

View More Comments
Alec Applegate
Alec Applegate
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
April 10, 2025

I ended up dropping the values directly into the base/secret.yaml file instead of in kustomize and then remove the patches from kustomize.yaml. So now my setup looks like:

-
secret.yaml
---

apiVersion: v1
kind: Secret
metadata:
   name: runner-bitbucket-credentials
data:
   bitbucketOauthClientId: **************==
   bitbucketOauthClientSecret: *****************==
-
kustomize.yaml
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
configMapGenerator:
   - files:
      - runners_config.yaml
   name: runners-autoscaler-config
   options:
      disableNameSuffixHash: true
namespace: bitbucket-runner-control-plane

images:
- name: bitbucketpipelines/runners-autoscaler
   newTag: 3.7.0
labels:
- includeSelectors: true
   pairs:
      app.kubernetes.io/part-of: runners-autoscaler
-
That works for me
Like
Adilla Rhiskani S
Adilla Rhiskani S April 10, 2025

Thank you for your advice @Alec Applegate , but I still get same error.
I want to confirm, to generate bitbucketOauthClientId and bitbucketOauthClientSecret from this page /workspace/settings/pipelines/account-runners right? And for workspace on runner_config.yaml using UUID workspace or the name of workspace?

Thank you

Like
Reply
0 votes
Patrik S
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 31, 2024

Hello @Alec Applegate ,

and welcome to the Community!

The reported error is usually related with the OAuth Consumer ID/Secret not being configured correctly or lacking the required level of permissions.

I would suggest, for testing porpoises, creating a new OAuth consumer with full permissions set, and ensure to look for any leading/trailing space when converting those to base64.

Then, you can configure your kustomization.yaml file again with these new values and try a new deployment.

Would you be able to run that test and let us know how it goes?

Thank you, @Alec Applegate !

Patrik S

View More Comments
Adilla Rhiskani S
Adilla Rhiskani S April 10, 2025

Hi @Patrik S 
can you give me step by step to creating a new OAuth with full permissions?
Because I got same issue.

Thank You

Like
Patrik S
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 11, 2025

Hey @Adilla Rhiskani S ,

Welcome to the Community!

You can find instructions on how to create an OAuth consumer in your workspace in the following article:

If you run into any issues following those steps, please let us know.

Thank you, @Adilla Rhiskani S !

Patrik S

Like
Adilla Rhiskani S
Adilla Rhiskani S April 13, 2025

Hi @Patrik S
Thank you for article, I have been success install bitbucket auto scale workspace. But after I test using the pipeline I got some issue the pod got multiple times evicted and got message Pod ephemeral local storage usage exceeds the total limit of containers 5Gi.

I have following this article but issue still persist. 
I share my pipeline config.

pipelines:
default:
- step:
name: build-frontend
image: node:16-alpine
runs-on:
- 'dev-runner'
caches:
- node
artifacts:
- build/**
- Dockerfile
- nginx.conf
script:
- yarn install
- yarn build
- step:
name: build-image
services:
- docker
runs-on:
- 'dev-runner'
deployment: development
dependencies:
- build-frontend
script:
- docker login -u "$DOCKER_HUB_USER" -p "$DOCKER_HUB_PAT"
- docker build -t "$docker_hub/$REPO:$BITBUCKET_COMMIT" .

Did pipeline need to declare image docker-dind again? For run docker build command, etc

Thank you

Like
Reply

Suggest an answer

Log in or Sign up to answer
Atlassian logo
Pipelines
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security