authorization failed while branch scan, no app token support for bitbucket cloud

Question

authorization failed while branch scan, no app token support for bitbucket cloud

simon-said opened this issue 2 years ago · 12 comments

Jenkins and plugins versions report

Environment

Jenkins: 2.319.3
OS: Linux - 5.4.0-104-generic
---
Office-365-Connector:4.15.2
ace-editor:1.1
adoptopenjdk:1.4
amazon-ecr:1.7
amazon-ecs:1.40
analysis-model-api:10.9.3
ant:1.13
antisamy-markup-formatter:2.7
apache-httpcomponents-client-4-api:4.5.13-1.0
authentication-tokens:1.4
authorize-project:1.4.0
aws-codecommit-trigger:3.0.12
aws-credentials:189.v3551d5642995
aws-java-sdk:1.12.163-315.v2b_716ec8e4df
aws-java-sdk-cloudformation:1.12.163-315.v2b_716ec8e4df
aws-java-sdk-codebuild:1.12.163-315.v2b_716ec8e4df
aws-java-sdk-ec2:1.12.163-315.v2b_716ec8e4df
aws-java-sdk-ecr:1.12.163-315.v2b_716ec8e4df
aws-java-sdk-ecs:1.12.163-315.v2b_716ec8e4df
aws-java-sdk-elasticbeanstalk:1.12.163-315.v2b_716ec8e4df
aws-java-sdk-iam:1.12.163-315.v2b_716ec8e4df
aws-java-sdk-logs:1.12.163-315.v2b_716ec8e4df
aws-java-sdk-minimal:1.12.163-315.v2b_716ec8e4df
aws-java-sdk-ssm:1.12.163-315.v2b_716ec8e4df
basic-branch-build-strategies:1.3.2
bitbucket:223.vd12f2bca5430
bitbucket-oauth:0.12
bitbucket-push-and-pull-request:2.8.1
blueocean:1.25.3
blueocean-autofavorite:1.2.5
blueocean-bitbucket-pipeline:1.25.3
blueocean-commons:1.25.3
blueocean-config:1.25.3
blueocean-core-js:1.25.3
blueocean-dashboard:1.25.3
blueocean-display-url:2.4.1
blueocean-events:1.25.3
blueocean-git-pipeline:1.25.3
blueocean-github-pipeline:1.25.3
blueocean-i18n:1.25.3
blueocean-jira:1.25.3
blueocean-jwt:1.25.3
blueocean-personalization:1.25.3
blueocean-pipeline-api-impl:1.25.3
blueocean-pipeline-editor:1.25.3
blueocean-pipeline-scm-api:1.25.3
blueocean-rest:1.25.3
blueocean-rest-impl:1.25.3
blueocean-web:1.25.3
bootstrap4-api:4.6.0-3
bootstrap5-api:5.1.3-6
bouncycastle-api:2.25
branch-api:2.7.0
build-timeout:1.20
built-on-column:1.1
caffeine-api:2.9.2-29.v717aac953ff3
checks-api:1.7.2
cloudbees-bitbucket-branch-source:757.vddedc5f2589a_
cloudbees-folder:6.708.ve61636eb_65a_5
command-launcher:1.6
conditional-buildstep:1.4.1
config-file-provider:3.9.0
configuration-as-code:1414.v878271fc496f
copyartifact:1.46.2
credentials:1074.v60e6c29b_b_44b_
credentials-binding:1.27.1
cucumber-reports:5.6.1
data-tables-api:1.11.4-2
display-url-api:2.3.5
docker-build-step:2.8
docker-commons:1.19
docker-java-api:3.1.5.2
docker-plugin:1.2.6
docker-slaves:1.0.7
docker-workflow:1.28
dtkit-api:3.0.0
durable-task:493.v195aefbb0ff2
echarts-api:5.3.0-2
email-ext:2.87
envinject:2.839.v52c702c10635
envinject-api:1.180.v98d833b_27470
external-monitor-job:191.v363d0d1efdf8
favorite:2.4.0
font-awesome-api:6.0.0-1
forensics-api:1.8.1
git:4.10.3
git-client:3.11.0
git-parameter:0.9.15
git-server:1.10
github:1.34.3
github-api:1.301-378.v9807bd746da5
github-branch-source:2.11.4
gradle:1.38
h2-api:1.4.199
handlebars:3.0.8
handy-uri-templates-2-api:2.1.8-1.0
htmlpublisher:1.29
jackson2-api:2.13.1-246.va8a9f3eaf46a
jacoco:3.3.1
javadoc:217.v905b_86277a_2a_
javax-activation-api:1.2.0-2
javax-mail-api:1.6.2-5
jaxb:2.3.0.1
jdk-tool:1.5
jenkins-design-language:1.25.3
jenkins-multijob-plugin:1.36
jira:3.7
jjwt-api:0.11.2-9.c8b45b8bb173
jnr-posix-api:3.1.7-2
job-dsl:1.78.3
job-import-plugin:3.4
jquery:1.12.4-1
jquery3-api:3.6.0-2
jsch:0.1.55.2
junit:1.54
ldap:2.8
locale:144.v1a_998824ddb_3
lockable-resources:2.14
mailer:408.vd726a_1130320
mapdb-api:1.0.9.0
mask-passwords:3.0
matrix-auth:3.1
matrix-project:1.20
maven-plugin:3.16
mercurial:2.16
momentjs:1.1.1
msbuild:1.30
multiple-scms:0.8
nodejs:1.5.1
okhttp-api:4.9.3-105.vb96869f8ac3a
pam-auth:1.7
parameterized-trigger:2.43
pipeline-aws:1.43
pipeline-build-step:2.16
pipeline-github-lib:36.v4c01db_ca_ed16
pipeline-graph-analysis:188.v3a01e7973f2c
pipeline-input-step:446.vf27b_0b_83500e
pipeline-maven:3.10.0
pipeline-milestone-step:100.v60a_03cd446e1
pipeline-model-api:1.9.3
pipeline-model-definition:1.9.3
pipeline-model-extensions:1.9.3
pipeline-npm:0.9.2
pipeline-rest-api:2.23
pipeline-stage-step:291.vf0a8a7aeeb50
pipeline-stage-tags-metadata:1.9.3
pipeline-stage-view:2.23
plain-credentials:1.8
plugin-util-api:2.14.0
popper-api:1.16.1-2
popper2-api:2.11.2-1
prism-api:1.26.0-2
publish-over:0.22
pubsub-light:1.16
resource-disposer:0.17
run-condition:1.5
scm-api:595.vd5a_df5eb_0e39
script-security:1138.v8e727069a_025
snakeyaml-api:1.29.1
sonar:2.14
sonargraph-integration:5.0.1
sse-gateway:1.25
ssh:2.6.1
ssh-agent:1.24.1
ssh-credentials:1.19
ssh-slaves:1.806.v2253cedd3295
sshd:3.1.0
structs:308.v852b473a2b8c
subversion:2.15.2
throttle-concurrents:2.6
timestamper:1.17
token-macro:280.v97a_82642793c
trilead-api:1.0.13
variant:1.4
warnings-ng:9.11.1
windows-slaves:1.8
workflow-aggregator:2.7
workflow-api:1138.v619fd5201b_2f
workflow-basic-steps:2.24
workflow-cps:2660.vb_c0412dc4e6d
workflow-cps-global-lib:564.ve62a_4eb_b_e039
workflow-durable-task-step:1121.va_65b_d2701486
workflow-job:1145.v7f2433caa07f
workflow-multibranch:711.vdfef37cda_816
workflow-scm-step:2.13
workflow-step-api:622.vb_8e7c15b_c95a_
workflow-support:813.vb_d7c3d2984a_0
ws-cleanup:0.40
xunit:3.0.5

What Operating System are you using (both controller, and any agents involved in the problem)?

ubuntu 20.04 LTS

Reproduction steps

manually create multibranch pipeline
select bitbucket as source and then bitbucket cloud ( https://bitbucket.org )
i can only select credentials, but no app token ! there is only app token support for bitbucket server but not for bitbucket cloud -> #495

Expected Results

normal checkout and scan

Actual Results

Gestartet durch Benutzer XXXXXX, XXXXXX
com.cloudbees.jenkins.plugins.bitbucket.api.BitbucketRequestException: HTTP request error. Status: 401: Unauthorized.
Bitbucket Cloud recently stopped supporting account passwords for API authentication.
See our community post for more details: https://atlassian.community/t5/x/x/ba-p/1948231
App passwords are recommended for most use cases and can be created in your Personal settings:
https://bitbucket.org/account/settings/app-passwords/
For more details on API authentication methods see our documentation:
https://developer.atlassian.com/cloud/bitbucket/rest/intro/#authentication

at com.cloudbees.jenkins.plugins.bitbucket.client.BitbucketCloudApiClient.getRequestAsInputStream(BitbucketCloudApiClient.java:911)
at com.cloudbees.jenkins.plugins.bitbucket.client.BitbucketCloudApiClient.getRequest(BitbucketCloudApiClient.java:923)
at com.cloudbees.jenkins.plugins.bitbucket.client.BitbucketCloudApiClient.getBranchesByRef(BitbucketCloudApiClient.java:497)
at com.cloudbees.jenkins.plugins.bitbucket.client.BitbucketCloudApiClient.getBranches(BitbucketCloudApiClient.java:488)
at com.cloudbees.jenkins.plugins.bitbucket.BitbucketSCMSource.retrieve(BitbucketSCMSource.java:801)
at jenkins.scm.api.SCMSource.fetch(SCMSource.java:582)
at org.jenkinsci.plugins.workflow.multibranch.SCMBinder.create(SCMBinder.java:101)
at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:310)
at hudson.model.ResourceController.execute(ResourceController.java:99)
at hudson.model.Executor.run(Executor.java:432)

Finished: FAILURE

Anything else?

No response

Answer 1 · 2022-03-10T11:51:38.000Z

We also have the same issue. Is there a work around until there is a fix?

Answer 2 · 2022-03-10T12:09:36.000Z

Our multi-branch pipelines stopped working, any workaround suggestions much appreciated 🙏

Answer 3 · 2022-03-10T14:30:47.000Z

We also had this issue, using a custom credential with bitbucket username +app password (not account password) replacing the BlueOcean credentials solved it.

Answer 4 · 2022-03-10T21:24:18.000Z

Also running into this issue.

Answer 5 · 2022-03-11T00:29:03.000Z

@guilhermelawless we tried with bitbucket username +app password. no luck, was there anything else you needed to do?

Answer 6 · 2022-03-11T07:51:17.000Z

@cdknorow Make sure you use your username and not your email you use to login => If you press 'Clone' on a repository and select HTTPS: https://[username]@bitbucket.org/...

Answer 7 · 2022-03-11T08:45:07.000Z

i solved it by use ssh key .
https://medium.com/@nitingupta.bciit/jenkins-automated-build-with-private-bitbucket-repository-51964ad3d53a
https://geekcontainer.wordpress.com/2018/02/12/integrate-your-bitbucket-with-jenkins-using-ssh-keys/

Answer 8 · 2022-03-11T14:57:19.000Z

For me the added SSH keys never appear in the drop down list when selecting a credential. An app password works though

Answer 9 · 2022-03-15T12:11:21.000Z

App password + username works
app password with email will not.
I had to change both password AND login, and then it works.
I thought I write it as previously username and email were both working.

not sure if that is even a bug as it's just policy change on BB side, plugin have nothing to do with it.

Answer 10 · 2022-03-15T17:36:10.000Z

App password + username works app password with email will not. I had to change both password AND login, and then it works. I thought I write it as previously username and email were both working.

not sure if that is even a bug as it's just policy change on BB side, plugin have nothing to do with it.

Hello orlra/all
i believe it is a policy

from :
https://community.atlassian.com/t5/Bitbucket-articles/Announcement-Bitbucket-Cloud-account-password-usage-for-Git-over/ba-p/1948231

App passwords do not support email address as a username for authentication. So, some user's Git remote URLs using their email address will need to be adjusted so that they use their Bitbucket Cloud username instead, like so: ...

Answer 11 · 2022-03-16T13:11:06.000Z

This also broke all of our multibranch pipelines unfortunately

Answer 12 · 2022-03-18T11:24:35.000Z

Closed via #576 - thanks @janithjeewantha

For future reference: https://github.com/jenkinsci/bitbucket-branch-source-plugin/blob/master/docs/USER_GUIDE.adoc#app-passwords