403 Forbidden when logging in

[cjlpowers]

I am seeing a 403 response when attempting to login using this plugin. The problem appears to be with this call.

I can reproduce the error using the following curl.

curl -u user:password https://api.bitbucket.org/2.0/teams?role=member -v

That results in a 403.

< server: nginx
< content-type: application/json
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< date: Mon, 17 Jun 2019 17:03:19 GMT
< x-served-by: app-143
< x-static-version: 111811c8509d
< etag: "41fca282e509952ff3d6cb019b17977f"
< x-render-time: 0.0186619758606
< x-credential-type: password
< x-version: 111811c8509d
< x-request-count: 259
< x-frame-options: SAMEORIGIN
< content-length: 91
< 
* Connection #0 to host api.bitbucket.org left intact
{"type": "error", "error": {"message": "To make a call, you need to use an app password."}}

I have also tried using a app password. That results in a 401.

< HTTP/2 401 
< server: nginx
* Authentication problem. Ignoring this.
< www-authenticate: Basic realm="Bitbucket.org HTTP"
< content-type: text/html; charset=utf-8
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< date: Mon, 17 Jun 2019 17:05:46 GMT
< x-served-by: app-161
< x-static-version: 111811c8509d
< etag: "d41d8cd98f00b204e9800998ecf8427e"
< x-render-time: 0.229010105133
< x-version: 111811c8509d
< x-request-count: 199
< x-frame-options: SAMEORIGIN
< content-length: 0
< 

Is this error the result of Atlassian deprecating basic auth in their APIs?

[idangozlan]

It seems like the depreciation notice is just for Jira and Confluence. It works fine for me, are you sure using the bitbucket credentials?

[khm1985]

I also get a 401 Unauthorized response when using my Bitbucket credentials xxx@jcd.dk and password.

We are self-hosting verdaccio version 2.7.4 and using BitBucket Standard plan with 15 users.