Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Request OAuth token from BitBucket

I've been trying to integrate BitBucket to my application for the past 4 hours to no avail.

While reading through BitBucket's RESTful API documentation, I noticed that you need to use OAuth — it's OK, I'm using J.R Conlin's OAuthSimple library, which if fine by me (I tried oauth-php but it was kinda complicated — I didn't need all of those options for such a small integration).

For what I understand, the first step to authenticate with OAuth is to request a new token via POST. When providing the necessary parameters, you should get a response from BitBucket, like this:

oauth_token=Z6eEdO8lOmk394WozF9oJyuAv899l4llqo7hhlSLik&oauth_token_secret=Jd79W4OQfb2oJTV0vzGzeXftVAwglnEJ9lumzYcl&oauth_callback_confirmed=true

To do that, I'm using cURL and OAuthSimple:

$key    = 'key_provided_by_bitbucket';
$secret = 'key_provided_by_bitbucket';
$path   = 'https://api.bitbucket.org/1.0/oauth/request_token';

$params = array(
    'oauth_consumer_key'        => $key,
    'oauth_nonce'               => base_convert(mt_rand(10000, 90000), 10, 32) . 'a',
    'oauth_signature'           => 'HMAC-SHA1',
    'oauth_signature_method'    => 'HMAC-SHA1',
    'oauth_timestamp'           => time(),
    'oauth_callback'            => base_url('dashboard'),
    'oauth_version'             => '1.0a'
);

$oauth  = new OAuthSimple($key, $secret);
$result = $oauth->sign(array(
    'action'        => 'POST',
    'path'          => $path,
    'parameters'    => $params
));

// load resulting url into a string
$ch = curl_init($result['signed_url']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$r = curl_exec($ch);
curl_close($ch);

The thing is that, when I send my request, one of two things happen:

  1. If I send it like posted here, I will get a 401 error (I can see that via curl_getinfo($ch))
  2. If I set curl_setopt($ch, CURLOPT_POST, 1), I get a 400 Bad request

The resulting string (stored in $r) is an empty string. The signed_url is a correctly formed URL AFAIK, which is something like this:

https://api.bitbucket.org/1.0/oauth/request_token?oauth_callback=http%3A%2F%2Flocalhost%2Fidv&oauth_consumer_key=key_provided_by_bitbucket&oauth_nonce=b47a&oauth_signature=3A1R%2FoKxTqh6Q23poaS%2BVNzhwpE%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1347167282&oauth_version=1.0a

If I enter manually that address into my address bar in a browser, I'll get an Authentication Dialog to the BitBucket API, port 443. I can't login with my credentials, though. Then it will just keep saying "Could not verify OAuth request."

I don't know what I'm doing wrong, since it's my first time using OAuth.

Any help's appreciated!

like image 494
AeroCross Avatar asked Sep 09 '12 05:09

AeroCross


People also ask

How can I get access token from Bitbucket?

To create an HTTP access token for a project or repository (requires project or repository admin permissions): From either the Project or Repository settings, select HTTP access tokens. Select Create token. Set the token name, permissions, and expiry.

How do I use OAuth Bitbucket?

Under Recent workspaces, select the workspace that will be accessed using the consumer; or find and open the workspace under All workspaces. On the sidebar, select Settings to open the Workspace settings. On the sidebar, under Apps and features, select OAuth consumers. Click the Add consumer button.

How do I use OAuth 2 to access resources in Bitbucket?

Bitbucket Cloud REST API integrations, and Atlassian Connect for Bitbucket add-ons, can use OAuth 2.0 to access resources in Bitbucket. Our OAuth 2 implementation supports all 4 of RFC-6749 's grant flows. This section provides the basic OAuth 2.0 information to register your consumer and set up OAuth 2.0 to make API calls.

How do I create an HTTP access token in Bitbucket?

HTTP access tokens in Bitbucket Data Center can be created for users as well as for teams working in projects and repositories. Use them in place of passwords for Git over HTTPS, or to authenticate when using the Bitbucket REST API. Go to Profile picture > Manage account > HTTP access tokens. Select Create token.

How to manipulate Bitbucket repository with token?

To manipulate Bitbucket repository with token: First you create an "Oauth" in access management section of your bitbucket account setting. This gives you a "Key" and a "Secret".

Can I use OAuth2 as HTTP basic Auth credentials?

This BitBucket page mentions: We recently introduced OAuth 2 and also added the ability to use them as HTTP Basic Auth credentials. Cloning a repository with an access token


Video Answer


1 Answers

The problem is that Curl will verify the SSL certificate.

To solve the problem you can tell Curl to ignore the verification of the SSL certificates:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
like image 169
Daniel Gomes Avatar answered Oct 13 '22 20:10

Daniel Gomes