How to Configure/Access Bitbucket Server REST API via OAuth Client Credentials

2

4

I don't understand how to generate the secret that is used for the Bitbucket Server REST API using the client credential grant type. For example:

$ curl -X POST -u "client_id:secret" https://example.org/site/oauth2/access_token -d grant_type=client_credentials

Is this created in the "Application Links" area? How do I specify the user that I would like to authorize?

Bromide answered 1/4, 2016 at 21:38 Comment(2)
Same problem here. I'm looking for the same solution because there's no option to add an OAuth consumer in the on-premise version of Bitbucket Server. The option is available only in the cloud version. – Easterly
I can confirm we are also using an on-premise solution. – Bromide
1

Here's how I authenticated with Bitbucket Cloud.

Set up OAuth Consumer

Go to your workspace settings and set up an OAuth consumer; you should be able to go here directly using this link: https://bitbucket.org/{your_workspace}/workspace/settings/api

The only setting that matters is the callback URL, which can be anything, but I chose http://localhost

Once set up, this will display a key and secret pair for your OAuth consumer. I will refer to these as {oauth_key} and {oauth_secret} below.

Authenticate with the API

Go to https://bitbucket.org/site/oauth2/authorize?client_id={oauth_key}&response_type=code ensuring you replace {oauth_key}.

This will redirect you to something like http://localhost/?code=xxxxxxxxxxxxxxxxxx. Make a note of that code; I'll refer to that as {oauth_code} below.

In your terminal go to:

curl -X POST -u "{oauth_key}:{oauth_secret}" https://bitbucket.org/site/oauth2/access_token -d grant_type=authorization_code -d code={oauth_code}

replacing the placeholders.

This should return JSON including the access_token; you can now pass this to the API via a curl command header:

--header 'Authorization: Bearer {oauth_token}'

where {oauth_token} is the access_token part of the JSON response from the last command.

Here's an example used to get repositories:

curl --request GET \
  --url 'https://api.bitbucket.org/2.0/repositories/pageant?page=1' \
  --header 'Authorization: Bearer {oauth_token}' \
  --header 'Accept: application/json'
Mensa answered 3/5, 2022 at 17:42 Comment(1)
This worked with one modification. I had to add the redirect_uri set in the App Password configuration in the request for access token:

curl -X POST -u "{oauth_key}:{oauth_secret}" https://bitbucket.org/site/oauth2/access_token -d grant_type=authorization_code -d code={oauth_code} -d redirect_url={redirect_uri}

– Kristiekristien
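The authorization-code flow from the answer above, as an added Python example that is not part of the original post. The function names and sample values are constructed, and the `state` parameter is an assumption taken from standard OAuth 2.0 (the answer does not use it); it lets the client reject a callback it did not initiate.

```python
import base64
import json
import secrets
import urllib.parse
import urllib.request

AUTHORIZE_URL = "https://bitbucket.org/site/oauth2/authorize"
TOKEN_URL = "https://bitbucket.org/site/oauth2/access_token"

def build_authorize_url(oauth_key, state):
    """URL to open in the browser; `state` is the added anti-CSRF value."""
    query = urllib.parse.urlencode(
        {"client_id": oauth_key, "response_type": "code", "state": state})
    return f"{AUTHORIZE_URL}?{query}"

def code_from_redirect(redirect_url, expected_state):
    """Extract {oauth_code} from the callback URL, refusing a wrong state."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(redirect_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    got = params.get("state", [""])[0]
    if not secrets.compare_digest(got.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def token_request(oauth_key, oauth_secret, oauth_code):
    """Same request as the curl -u ... -d grant_type=authorization_code call."""
    basic = base64.b64encode(f"{oauth_key}:{oauth_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "authorization_code", "code": oauth_code}).encode()
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Authorization": f"Basic {basic}"})

def api_request(access_token, url):
    """Authenticated API call using the Bearer header from the answer."""
    return urllib.request.Request(url, headers={
        "Authorization": f"Bearer {access_token}", "Accept": "application/json"})

def send(request):
    """Perform a prepared request and decode the JSON reply (needs network)."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

if __name__ == "__main__":
    state = secrets.token_urlsafe(16)  # keep until the callback arrives
    print(build_authorize_url("constructed_key", state))
```

With real credentials, `send(token_request(...))["access_token"]` yields the token to pass to `api_request`; reading the secret from an environment variable keeps it out of shell history and the process list.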
0

The URL you are stating in your question looks rather like the Bitbucket Cloud one. The OAuth procedure for Bitbucket Server, and for all Atlassian Server products, looks a bit different.

There is already some documentation about this and also How-Tos like:

But in general you were already stating the correct term: Application Link. Yes, in there you can create and configure Application Links, which then use OAuth1 to authenticate. During the configuration there you can specify the consumer key and consumer secret. Additionally, a private/public key pair is necessary and you need to provide the public part during the configuration. There are some different types of authentication:

  • 2-legged OAuth with fallback user
  • 2-legged OAuth with impersonation
  • 3-legged OAuth with impersonation through Permission by the actual User

More is written about the different types here: https://confluence.atlassian.com/applinks/oauth-security-for-application-links-774045732.html

Fluorometer answered 1/8, 2019 at 13:45 Comment(0)