Allow HTTP access to repositories via OAuth (BB-8891)

Issue #7735 resolved
Andy Nicholson
created an issue

Github now provides OAuth tokens as an authentication mechanism for pulling/cloning repositories. Do you have a plan/timeline for implementing this?

Currently, the only way to deploy private repositories onto platforms like Heroku (that don't allow private SSH keys) is to explicitly use username/password credentials, which aren't easily revokable and pollute logs & source control with credentials (which is bad!).

Comments (24)

  1. Erik van Zijst staff

    This is now sort-of possible.

    Team accounts have API keys that can be used to clone repos over https without knowing the team account's password. The token can be found in the team's account admin page.

  2. Gavin Bunney

    +100 This would be fantastic to do; the team tokens do work, but since we can't grab the team token from the REST API, being able to just use the oauth token to clone would be great.

  3. Gábor Domonkos

    No, you can use that token only for team accounts. You cannot use that to access the repositories, Bitbucket doesn't support OAuth 2.0 protocoll.

    If you want to do that you have to explicitly use username/password or use the SSH protocoll with RSA keys.

  4. Khurshid Alam

    From where does the the token generated for raw urls in private repo? It is different for every urls. So I suppose it doesn't have anything to do with oauth token. Does it?

  5. Sean Russell

    Thank you, @Erik van Zijst. Now we can hook up our internal CI system. One question, though: do I need a token pair for the Team account to see the team's private repositories? It appears I can only see the public repositories (including my own) with the token pair. I don't see an option to enable that in the token configuration.

  6. Log in to comment