Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

git bitbucket unauthorized

Livio Patavini
Livio Patavini November 10, 2020

Hello!

yesterday or in any case in the past few days we encountered authentication problems from our jenkins application towards the git repository managed by bitbucket (of which the log I report). Since we have never changed our login credentials, we wonder if by any chance you have had any disruption that could have impacted git authentication.

Thanks

Attempting to resolve master from remote references...
 > git --version # timeout=10
 > git --version # 'git version 2.20.2'
using GIT_ASKPASS to set credentials Bitbucket
 > git ls-remote -h -- https://bitbucket.org/soldotech/jenkins-pipeline/ # timeout=10
ERROR: Checkout failed
hudson.plugins.git.GitException: Command "git ls-remote -h -- https://bitbucket.org/soldotech/jenkins-pipeline/" returned status code 128:
stdout: 
stderr: remote: Because your Atlassian account admin requires single sign-on, you'll need to authenticate with an app password. Create an app password at https://bitbucket.org/account/admin/app-passwords
fatal: unable to access 'https://bitbucket.org/soldotech/jenkins-pipeline/': The requested URL returned error: 403

	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2450)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2051)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1951)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1942)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.getRemoteReferences(CliGitAPIImpl.java:3381)
	at jenkins.plugins.git.AbstractGitSCMSource.retrieve(AbstractGitSCMSource.java:838)
	at jenkins.scm.api.SCMSource.fetch(SCMSource.java:636)

 

Answer
Watch
Like Alexis Robert likes this
2391 views

1 answer

0 votes
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 13, 2020

Hi Livio,

Did you recently verify a domain for your organization as per https://confluence.atlassian.com/cloud/verify-a-domain-for-your-organization-873871234.html ?

Checking in our system, I can see that the Bitbucket account with same email as your Community account is a managed account.

When a domain is verified as per the documentation above, all Atlassian accounts with an email from this domain become managed.

If you have a managed account, HTTPS authentication when cloning/pulling from Bitbucket Cloud repos is no longer possible with a password, and an app-password should be generated and used instead.

If this started occurring the last few days, I would assume that it was because you verified the domain.

You can create an app-password for the Bitbucket Cloud account that you use for authentication in Jenkins as per the following documentation:

and use this app-password in Jenkins, instead of the account's password.

Please feel free to let me know if this works for you and if you have any questions.

Kind regards,
Theodora

View More Comments
Livio Patavini
Livio Patavini November 17, 2020

hello!

thanks for the answare. I'm still using an app password generated from mine atlassian account (lpatavini@soldo.com). Another strange thing is that the problem is not persistent but intermittent (about 1 time each 10 tries).

What could be? Could you make a search from server side logs? I have a case of error just from few minutes ago:

 

 > git ls-remote -h -- https://bitbucket.org/soldotech/jenkins-pipeline/ # timeout=10
ERROR: Checkout failed
hudson.plugins.git.GitException: Command "git ls-remote -h -- https://bitbucket.org/soldotech/jenkins-pipeline/" returned status code 128:
stdout: 
stderr: remote: Because your Atlassian account admin requires single sign-on, you'll need to authenticate with an app password. Create an app password at https://bitbucket.org/account/admin/app-passwords
fatal: unable to access 'https://bitbucket.org/soldotech/jenkins-pipeline/': The requested URL returned error: 403
 

job launched 17-nov-2020 9.26.

Like
Livio Patavini
Livio Patavini November 17, 2020

Screenshot at Nov 17 18-01-28.pnghere i'm using the app password in place of normal login password.

Like
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 18, 2020

Hi Livio,

Thank you for the info!

If this issue occurs intermittently, I believe the most likely reason would be a cached password in a Git credential manager on that machine. Checking our logs, I can also see intermittent 403 errors and I also see several requests where a password is used instead of an app-password.

Could you please let me know:

  • What operating system do you have on the machine where Jenkins is running?
  • Do you use another Git client application on the same machine, e.g. SourceTree or something else?
  • Or do you perform Git operations via HTTPS via terminal/Git Bash from that machine?

Kind regards,
Theodora

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.