How to Configure/Access Bitbucket Server REST API via OAuth Client Credentials
I don't understand how to generate the secret that is used for the Bitbucket Server REST API using the client credential grant type. For example:
$ curl -X POST -u "client_id:secret" https://example.org/site/oauth2/access_token -d grant_type=client_credentials
Is this created in the "Application Links" area? How do I specify the user that I would like to authorize?
Solution 1:[1]
The URL you state in your question looks rather like the Bitbucket Cloud one. The OAuth procedure for Bitbucket Server, and for all Atlassian Server products, looks a bit different.
There is already some documentation about this, and also how-tos such as:
- https://developer.atlassian.com/server/jira/platform/oauth/
- https://medium.com/mibexsoftware/how-to-use-oauth-with-atlassian-products-c0f357ae91eb
But in general you already stated the correct term: Application Link. Yes, there you can create and configure Application Links, which then use OAuth1 to authenticate. During the configuration you can specify the consumer key and consumer secret. Additionally, a private/public key pair is necessary, and you need to provide the public part during the configuration. There are several different types of authentication:
- 2-legged OAuth with fallback user
- 2-legged OAuth with impersonation
- 3-legged OAuth with impersonation through Permission by the actual User
More is written about the different types here: https://confluence.atlassian.com/applinks/oauth-security-for-application-links-774045732.html
Solution 2:[2]
Here's how I authenticated with Bitbucket Cloud.
Set up OAuth Consumer
Go to your workspace settings and set up an OAuth consumer. You should be able to go there directly using this link: https://bitbucket.org/{your_workspace}/workspace/settings/api
The only setting that matters is the callback URL, which can be anything, but I chose http://localhost
Once set up, this will display a key and secret pair for your OAuth consumer. I will refer to these as {oauth_key} and {oauth_secret} below.
Authenticate with the API
Go to https://bitbucket.org/site/oauth2/authorize?client_id={oauth_key}&response_type=code ensuring you replace {oauth_key}
This will redirect you to something like http://localhost/?code=xxxxxxxxxxxxxxxxxx, make a note of that code, I'll refer to that as {oauth_code} below
In your terminal go to curl -X POST -u "{oauth_key}:{oauth_secret}" https://bitbucket.org/site/oauth2/access_token -d grant_type=authorization_code -d code={oauth_code} replacing the placeholders.
This should return JSON including the access_token. You can now pass this to the API via a curl command header:
--header 'Authorization: Bearer {oauth_token}'
where {oauth_token} is the access_token part of the JSON response from the last command.
Here's an example used to get repositories:
curl --request GET \
--url 'https://api.bitbucket.org/2.0/repositories/pageant?page=1' \
--header 'Authorization: Bearer {oauth_token}' \
--header 'Accept: application/json'
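The authorization-code flow described in Solution 2, as an added Python example that is not part of the original answer. The `state` parameter is the standard RFC 6749 value for tying the callback to the login attempt and is an assumption here (the answer does not use it); the function names and sample key, secret and code are constructed.

```python
import base64
import json
import secrets
import urllib.parse
import urllib.request

AUTHORIZE_URL = "https://bitbucket.org/site/oauth2/authorize"
TOKEN_URL = "https://bitbucket.org/site/oauth2/access_token"

def build_authorize_url(oauth_key):
    """Step 1: URL to open in a browser, plus the random state to remember."""
    state = secrets.token_urlsafe(16)
    query = urllib.parse.urlencode(
        {"client_id": oauth_key, "response_type": "code", "state": state})
    return f"{AUTHORIZE_URL}?{query}", state

def extract_code(redirect_url, expected_state):
    """Step 2: read {oauth_code} from the callback URL; reject a foreign state."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(redirect_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback is not from this login attempt")
    if "code" not in params:
        raise ValueError("no code in callback URL")
    return params["code"][0]

def build_token_request(oauth_key, oauth_secret, oauth_code):
    """Step 3: the same POST as curl -u key:secret -d grant_type=authorization_code."""
    body = urllib.parse.urlencode(
        {"grant_type": "authorization_code", "code": oauth_code}).encode()
    basic = base64.b64encode(f"{oauth_key}:{oauth_secret}".encode()).decode()
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Authorization": f"Basic {basic}"})

def bearer_header(token_response_json):
    """Step 4: headers for API calls, built from the JSON token response."""
    token = json.loads(token_response_json)["access_token"]
    return {"Authorization": f"Bearer {token}", "Accept": "application/json"}

if __name__ == "__main__":
    url, state = build_authorize_url("constructed-key")
    print("Open in a browser:", url)
    # Constructed callback URL, standing in for what the browser shows after approval.
    code = extract_code(f"http://localhost/?code=abc123&state={state}", state)
    req = build_token_request("constructed-key", "constructed-secret", code)
    print(req.get_method(), req.full_url)  # urllib.request.urlopen(req) would send it
```

Building the request in code keeps the consumer secret out of the shell history and process list, where a `curl -u` argument would otherwise be visible.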
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | TheFRedFox |
Solution 2 | George Norfolk |