OAuth 2.0 - Resource Owner Password Credentials Grant Fails

Issue #16984 duplicate
Colorfield Git User created an issue

With two legged auth disabled on my account the following (replace with your own credentials) was working perfectly fine up until a few days ago :-

curl -X POST -u "client_id:secret" \
      https://bitbucket.org/site/oauth2/access_token -d grant_type=password \
      -d username={username} -d password={password}

Something has changed and now it has stopped working and it always responds with

{"error_description": "Invalid resource owner username/password", "error": "invalid_request"}

Comments (5)

  1. Colorfield Git User reporter

    This seems to be a pretty core feature of the API that is broken.

    Is anyone actively investigating this issue?

    In the future are we going to see some automated test coverage around all the RFC-6749 grant flows so this issue doesn't happen to your users again?

    Thanking you kindly :)

  2. Log in to comment