Believed to be related to BSERV-19859

I'm guessing SourceTree under the hood accesses URLs in Bitbucket that aren't under /rest or /scm (possibly just project/repo enumeration) and therefore it is locking out the account.

I'm authenticating with a HTTP token. Initially it succeeds, but right away it shows a red x for the account and I'm unable to access Bitbucket through other git clients (git bash, tortoisegit). Need an admin to reset CAPTCHA.

What's observed matches the expected results from that Bitbucket Server ticket.

But in the case of accessing Bitbucket with SourceTree, the expected result is that it doesn't lock out my account.

I have no choice to log in with a password due to the way the server is configured with OIDC authentication only. My only way to do basic auth is HTTP token, which should work.