Closed muuvmuuv closed 2 years ago
You can create "App Password" with specific permission from here: https://bitbucket.org/account/settings/app-passwords/ and use that instead of you password.
@MunifTanjim sorry but this does not work. I created one with read permissions on pull-requests and pipelines, replaced my personal pw with the generated app-password and get a 401.
Unless you show some example codes or give details about which API you're trying to call and what is the exact permission of your app-password, I don't know how to help you.
Getting 401
generally means that your app-password doesn't have sufficient permission for the API endpoint you're trying to call.
These are the ones I use, like I said I am reading pull-request and pipeline status:
const bitbucket = new Bitbucket.Bitbucket({
auth: {
username: 'xxxxx',
password: "my-app-password"
},
})
bitbucket.pullrequests.list({
sort: "-created_on",
pagelen: 33,
state: "OPEN"
})
bitbucket.pipelines.list({
sort: "-created_on",
pagelen: 111
})
pullrequests.list
needs workspace
and repo_slug
params. Those two params aren't there in your example code.
If you still get 401
then your app password doesn't have enough permission to access the repo.
@MunifTanjim I just excluded them to not reveal sensitive data.
So I tested it now with an app password that has ALL permissions. Still 401. I have access to that project and it does work with my account password, just not with those app passwords.
Strange, it works for me.
bitbucket.pullrequests
.list({
workspace: 'USERNAME',
repo_slug: 'REPONAME',
sort: '-created_on',
pagelen: 33,
state: 'OPEN',
})
.then(({ data, headers }) => {
console.log(data, headers)
})
.catch((err) => {
console.log(err)
})
Can you run this and paste the full output here?
I have absolutely no idea why Bitbucket is not accepting your app-password. I just created a new one with just "Pull requests - read" permission and it worked as expected.
If you want to investigate further, you can do:
.catch((err) => {
console.log(JSON.stringify(err,null,2))
})
to check exactly what request is being made to the API endpoint.
I will add it to our internal Jira. Maybe my user itself has not enough rights and Atlassian does not check for that and messes around with permissions towards BitBucket. Just a thought :D. Since it is working for you I expect it to be an issue on our side, I will close this for now and come back if the ticket is in our in-progress sprint. Thanks anyway :)
I would like to use the token since its easier to provide in CI evns and I can revoke it later. But where do I get that token from? Jira uses some token and its generated here: https://id.atlassian.com/manage-profile/security/api-tokens