OAuth 2.0 token doesn't work with Mirror


    • 3
    • Severity 3 - Minor
    • 2

      Issue Summary

      OAuth 2.0 tokens cannot be used with Mirror to authenticate Git or API calls.

      This is reproducible on Data Center: (yes)

      Steps to Reproduce

      • Generate an OAuth 2.0 token as specified in the Bitbucket OAuth 2.0 provider API document.
      • Clone a repository or run API calls against the mirror URL, passing the OAuth token in the Bearer header.

      Expected Results

      Git and API calls that pass the OAuth token in the Bearer header should be authenticated successfully.

      Actual Results

      • Authentication with Mirror fails and the following errors appear in the log:
        2024-09-09 07:19:54,515 WARN  [http-nio-7990-exec-2] @3VH98Xx439x7x0 172.29.176.116,172.50.0.3 "GET /scm/pro1/repo5.git/info/refs HTTP/1.1" c.a.o.provider.core.token.JwtService Unable to verify JWT token signature.
        2024-09-09 07:19:54,519 DEBUG [http-nio-7990-exec-2] @3VH98Xx439x7x0 172.29.176.116,172.50.0.3 "GET /scm/pro1/repo5.git/info/refs HTTP/1.1" c.a.b.i.m.m.a.c.BaseCachingAuthenticator https://linux-80193.prod.atl-cd.net/bitbucket: recent auth cache - cache hit for {repo=13, credentials={passwordHash=bdd01...}} with value {Auth failure, {DelegatedAuthenticationFailureException, Authentication failed for the supplied credentials (Reason: 'Authentication failed for the supplied credentials (Reason: 'Invalid credentials')')}} - serving result from cache
        2024-09-09 07:19:54,519 DEBUG [http-nio-7990-exec-2] @3VH98Xx439x7x0 172.29.176.116,172.50.0.3 "GET /scm/pro1/repo5.git/info/refs HTTP/1.1" c.a.s.i.a.DefaultAuthenticationService <>: Authenticator 'com.atlassian.bitbucket.server.bitbucket-mirroring-mirror:delegatedHttpAuthenticationHandler' rejected the authentication attempt
        2024-09-09 07:19:54,520 DEBUG [http-nio-7990-exec-2] @3VH98Xx439x7x0 172.29.176.116,172.50.0.3 "GET /scm/pro1/repo5.git/info/refs HTTP/1.1" c.a.s.i.s.s.PluginAuthenticationProvider <>: Authentication failed; bad credentials
        2024-09-09 07:19:54,520 DEBUG [http-nio-7990-exec-2] @3VH98Xx439x7x0 172.29.176.116,172.50.0.3 "GET /scm/pro1/repo5.git/info/refs HTTP/1.1" c.a.s.i.a.PluginHttpAuthenticationFailureHandler onAuthenticationFailure - delegating to com.atlassian.stash.internal.auth.RememberMeAuthenticationFailureHandler
        2024-09-09 07:19:54,520 DEBUG [http-nio-7990-exec-2] @3VH98Xx439x7x0 172.29.176.116,172.50.0.3 "GET /scm/pro1/repo5.git/info/refs HTTP/1.1" c.a.s.i.a.PluginHttpAuthenticationFailureHandler onAuthenticationFailure - delegating to com.atlassian.stash.internal.rest.auth.RestAuthenticationFailureHandler
        2024-09-09 07:19:54,520 DEBUG [http-nio-7990-exec-2] @3VH98Xx439x7x0 172.29.176.116,172.50.0.3 "GET /scm/pro1/repo5.git/info/refs HTTP/1.1" c.a.s.i.a.PluginHttpAuthenticationFailureHandler onAuthenticationFailure - delegating to com.atlassian.stash.internal.auth.ScmAuthenticationFailureHandler
        2024-09-09 07:19:54,521 DEBUG [http-nio-7990-exec-2] @3VH98Xx439x7x0 172.29.176.116,172.50.0.3 "GET /scm/pro1/repo5.git/info/refs HTTP/1.1" c.a.s.i.a.PluginHttpAuthenticationFailureHandler onAuthenticationFailure - com.atlassian.stash.internal.auth.ScmAuthenticationFailureHandler handled authentication failure
        
      • Even when the command passes the Bearer header, authentication on the console reverts to basic auth:
      git clone -c http.extraHeader='Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjJmNzczZTRkNDXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' https://example.prod.atl-cd.net/bitbucket-mirror/scm/pro1/repo5.git
      Cloning into 'repo5'...
      Username for 'https://example.prod.atl-cd.net':
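
A log-triage sketch for the failure signature quoted above, added here as an example and not part of the original issue or of Atlassian's code: it groups log lines by request ID and reports requests where the JwtService warning is followed by a rejection from the mirror's delegated authentication handler. The line layout in the regex is inferred from the quoted log; the third sample line, its request ID and the stack-frame line are constructed.

```python
import re
from collections import defaultdict

# Layout of the log lines quoted in the report (inferred, not a documented format):
# timestamp level [thread] @request-id client-ips "request" logger message
LINE = re.compile(
    r'^(?P<ts>\S+ \S+) (?P<level>[A-Z]+)\s+\[[^\]]+\] (?P<rid>@\S+) '
    r'(?P<ips>\S+) "(?P<request>[^"]*)" (?P<logger>\S+) (?P<msg>.*)$')

JWT_FAIL = "Unable to verify JWT token signature"
MIRROR_HANDLER = "bitbucket-mirroring-mirror:delegatedHttpAuthenticationHandler"


def find_bearer_failures(lines):
    """Return requests where a JWT signature failure is followed by the
    mirror's delegated handler rejecting the same request ID."""
    seen = defaultdict(lambda: {"jwt": False, "rejected": False})
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:  # blank lines, stack traces, continuation lines
            continue
        entry = seen[m["rid"]]
        entry.update(ts=entry.get("ts", m["ts"]), request=m["request"],
                     client=m["ips"].split(",")[0])
        if JWT_FAIL in m["msg"]:
            entry["jwt"] = True
        elif MIRROR_HANDLER in m["msg"] and "rejected" in m["msg"] and entry["jwt"]:
            entry["rejected"] = True
    return [{"request_id": rid, "first_seen": e["ts"], "client": e["client"],
             "request": e["request"]}
            for rid, e in seen.items() if e["jwt"] and e["rejected"]]


# First two lines are taken from the report; the last two are constructed:
# a rejection with no JWT warning (must not be reported) and a stack frame.
SAMPLE = '''
2024-09-09 07:19:54,515 WARN  [http-nio-7990-exec-2] @3VH98Xx439x7x0 172.29.176.116,172.50.0.3 "GET /scm/pro1/repo5.git/info/refs HTTP/1.1" c.a.o.provider.core.token.JwtService Unable to verify JWT token signature.
2024-09-09 07:19:54,519 DEBUG [http-nio-7990-exec-2] @3VH98Xx439x7x0 172.29.176.116,172.50.0.3 "GET /scm/pro1/repo5.git/info/refs HTTP/1.1" c.a.s.i.a.DefaultAuthenticationService <>: Authenticator 'com.atlassian.bitbucket.server.bitbucket-mirroring-mirror:delegatedHttpAuthenticationHandler' rejected the authentication attempt
2024-09-09 07:20:10,101 DEBUG [http-nio-7990-exec-5] @CONSTRUCTEDx440x9x0 192.0.2.10 "GET /scm/pro1/repo5.git/info/refs HTTP/1.1" c.a.s.i.a.DefaultAuthenticationService <>: Authenticator 'com.atlassian.bitbucket.server.bitbucket-mirroring-mirror:delegatedHttpAuthenticationHandler' rejected the authentication attempt
    at com.example.Constructed.stackFrame(Constructed.java:1)
'''.splitlines()

if __name__ == "__main__":
    for hit in find_bearer_failures(SAMPLE):
        print(hit)
```

Requests that carry only the handler rejection are left out, which separates Bearer-token failures at the mirror from ordinary bad-password attempts in the same log.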
      

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available.

            Assignee:
            Dyon Georgopoulos
            Reporter:
            Aman Shrivastava