Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Clarification: Personal Access Token versus OAuth

neomatrix369
neomatrix369 June 22, 2019

I have been looking at these two topics in order to be able to start using BitBucket REST API which expects (allows) access via a token. 

Although the Bitbucket Cloud interface does not have any option to create Personal access tokens but has one for OAuth (this link provides docs on Personal Access Tokens for Bitbucket server https://confluence.atlassian.com/bitbucketserver063/personal-access-tokens-972354166.html#Personalaccesstokens-Usingpersonalaccesstokens). 

I couldn't find anything on Personal Access Token for Bitbucket Cloud.

In case we have OAuth token, and want to use it as a personal access token can we do this "[key]:[secret]", where key and secret are the two components generated by the OAuth interface.

Just to be clear, when I log into my account under Settings I only see options for OAuth, there isn't anything that says Personal Access Token, see below:

.

Screen Shot 2019-06-22 at 15.04.15.pngScreen Shot 2019-06-22 at 15.04.26.png

 

Also, do I need to define callback URI and any other URL/URI when creating the consumer via the OAuth interface, if so why? If I'm only going to use the OAuth token to access repositories, where do redirections come into play? I don't need to do it for other providers, in fact, I get to generate Personal Access Tokens.

Answer
Watch
Like Be the first to like this
1058 views

2 answers

1 accepted

0 votes
Answer accepted
Eric Henry
Eric Henry
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 23, 2019

@neomatrix369 - from your other question, it looks like you already found the answer. Bitbucket Cloud doesn't have anything specifically called a Personal Access Token, but App Passwords are similar. You can also use OAuth 2LO in a similar way.

View More Comments
neomatrix369
neomatrix369 June 24, 2019

Thanks for confirming, it would help if you mentioned something along the lines in the documentation and it was searchable so those who are using Personal Access Token or familiar with the concept can associate Bitbucket App Passwords with it.

I have overcome this hurdle now.

Like
Reply
1 vote
neomatrix369
neomatrix369 June 24, 2019

Also wondered if I can use the App Passwords in a way Personal Access Tokens can be used.

For e.g can I create a machine user on bitbucket let's call it `machineUser`, add it the the main org bitbucket account (let's call it mainOrgUser) so that the machine user now can collaborate on projects (repos) on the main org bitbucket account. 

Then generate an App Password (say it is 3g25nam3...) on the main org bitbucket account, with limited scope and then access the repositories on the main org bitbucket account using this machine user and the generated App Password from above. 

For e.g. can I make a REST API call like the below:

curl https://api.bitbucket.org/2.0/repositories/mainOrgUser/someRepository/pullrequests \
    -u  machineUser:3g25nam3...

### I have used all three entities together here, so machineUser can be a \
### scoped user with limited rights

I have seen Personal Access Tokens used in this way. Would it work with App Passwords in the same way?

Or App Passwords are tied to the bitbucket org account you generate them on and can be only used with the user id of that org account.

I hope I'm being clear here, its a bit involved question.

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.