How to Configure/Access Bitbucket Server REST API via OAuth Client Credentials

I don't understand how to generate the secret that is used for the Bitbucket Server REST API using the client credential grant type. For example:

$ curl -X POST -u "client_id:secret" https://example.org/site/oauth2/access_token -d grant_type=client_credentials

Is this created in the "Application Links" area? How do I specify the user that I would like to authorize?



Solution 1:[1]

The URL you state in your question looks rather like the Bitbucket Cloud one. The OAuth procedure for Bitbucket Server, and for all Atlassian Server products, looks a bit different.

There is already some documentation about this, and also how-tos like:

But in general you already stated the correct term: Application Link. Yes, in there you can create and configure Application Links, which then use OAuth1 to authenticate. During the configuration you can specify the consumer key and consumer secret. Additionally, a private/public key pair is necessary, and you need to provide the public part during the configuration. There are several different types of authentication:

  • 2-legged OAuth with fallback user
  • 2-legged OAuth with impersonation
  • 3-legged OAuth with impersonation through Permission by the actual User

More is written about the different types here: https://confluence.atlassian.com/applinks/oauth-security-for-application-links-774045732.html

Solution 2:[2]

Here's how I authenticated with Bitbucket Cloud.

Set up OAuth Consumer

Go to your workspace settings and set up an OAuth consumer; you should be able to go here directly using this link: https://bitbucket.org/{your_workspace}/workspace/settings/api

The only setting that matters is the callback URL, which can be anything, but I chose http://localhost

Once set up, this will display a key and secret pair for your OAuth consumer. I will refer to these as {oauth_key} and {oauth_secret} below.

Authenticate with the API

Go to https://bitbucket.org/site/oauth2/authorize?client_id={oauth_key}&response_type=code ensuring you replace {oauth_key}.

This will redirect you to something like http://localhost/?code=xxxxxxxxxxxxxxxxxx. Make a note of that code; I'll refer to it as {oauth_code} below.

In your terminal, run the following, replacing the placeholders:

curl -X POST -u "{oauth_key}:{oauth_secret}" https://bitbucket.org/site/oauth2/access_token -d grant_type=authorization_code -d code={oauth_code}

This should return JSON including the access_token. You can now pass this to the API via a curl command header:

--header 'Authorization: Bearer {oauth_token}'

where {oauth_token} is the access_token part of the JSON response from the last command.

Here's an example used to get repositories:

curl --request GET \
  --url 'https://api.bitbucket.org/2.0/repositories/pageant?page=1' \
  --header 'Authorization: Bearer {oauth_token}' \
  --header 'Accept: application/json'
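
Added example, not part of either answer: the Bitbucket Cloud steps from Solution 2 as a Python script, using the same endpoints and parameters as the curl commands above. The function names and the environment variables BB_OAUTH_KEY, BB_OAUTH_SECRET and BB_WORKSPACE are assumptions made for this example.

```python
import base64, json, os
from urllib.parse import urlencode, urlsplit, parse_qs
from urllib.request import Request, urlopen

AUTHORIZE_URL = "https://bitbucket.org/site/oauth2/authorize"
TOKEN_URL = "https://bitbucket.org/site/oauth2/access_token"

def authorize_url(oauth_key):
    """Step 1: the URL to open in a browser."""
    return AUTHORIZE_URL + "?" + urlencode({"client_id": oauth_key, "response_type": "code"})

def code_from_redirect(redirect_url):
    """Step 2: read ?code=... from the callback URL; reject an error redirect."""
    query = parse_qs(urlsplit(redirect_url).query)
    if "code" not in query:
        raise ValueError("no code in redirect: " + query.get("error", ["unknown"])[0])
    return query["code"][0]

def token_request(oauth_key, oauth_secret, oauth_code):
    """Step 3: equivalent of curl -u key:secret -d grant_type=authorization_code -d code=..."""
    basic = base64.b64encode(f"{oauth_key}:{oauth_secret}".encode()).decode()
    body = urlencode({"grant_type": "authorization_code", "code": oauth_code}).encode()
    return Request(TOKEN_URL, data=body, headers={"Authorization": "Basic " + basic})

def bearer_header(token_response_json):
    """Step 4: turn the token endpoint's JSON into the API request headers."""
    token = json.loads(token_response_json)["access_token"]
    return {"Authorization": "Bearer " + token, "Accept": "application/json"}

def list_repositories(oauth_key, oauth_secret, redirect_url, workspace):
    """Whole flow over the network; only called from the __main__ block."""
    req = token_request(oauth_key, oauth_secret, code_from_redirect(redirect_url))
    with urlopen(req, timeout=30) as resp:
        headers = bearer_header(resp.read())
    api = f"https://api.bitbucket.org/2.0/repositories/{workspace}?page=1"
    with urlopen(Request(api, headers=headers), timeout=30) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Assumed variable names. Reading the secret from the environment keeps it
    # out of the command line and shell history.
    key, secret = os.environ["BB_OAUTH_KEY"], os.environ["BB_OAUTH_SECRET"]
    print("Open in a browser:", authorize_url(key))
    redirect = input("Paste the URL you were redirected to: ")
    for repo in list_repositories(key, secret, redirect, os.environ["BB_WORKSPACE"])["values"]:
        print(repo["full_name"])
```
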

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 TheFRedFox
Solution 2 George Norfolk