
Add Authorization type of "Bearer <token>" for Bitbucket Server

Open GCHQDeveloper926 opened this issue 2 years ago • 12 comments

What would you like Renovate to be able to do?

I would like renovate to be able to connect to bitbucket-server using just a token, similar to some of the other platforms. I want to be able to provide a token and use the Bearer Authorisation strategy.

If you have any ideas on how this should be implemented, please tell us here.

I think the Auth check could be modified to check if username + password OR token.

This isn't implemented already is it? If so please let me know if I can make this work.

Bitbucket recommend using the auth token without username - see below link

"For project or repository tokens, we recommend only using Bearer Auth without your username:" https://confluence.atlassian.com/bitbucketserver/http-access-tokens-939515499.html

Any advice appreciated! Thanks

Is this a feature you are interested in implementing yourself?

Yes

GCHQDeveloper926 avatar Apr 01 '22 14:04 GCHQDeveloper926

[bitbucket-server] label requested

I did do a quick search but couldn't find anyone raising a similar issue.

GCHQDeveloper926 avatar Apr 01 '22 14:04 GCHQDeveloper926

PR welcome, thanks

rarkins avatar Apr 01 '22 14:04 rarkins

:tada: This issue has been resolved in version 35.9.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

renovate-release avatar Mar 16 '23 06:03 renovate-release

The first PR will be reverted, as it's not working as expected. See PR comments

  • https://github.com/renovatebot/renovate/pull/20974#issuecomment-1471546719
  • #20979

viceice avatar Mar 16 '23 09:03 viceice

Will look at it later if I have some time

viceice avatar Mar 16 '23 09:03 viceice

Maybe this only needs a docs change, as you can simply use the token as the password and it will already work as intended.

https://confluence.atlassian.com/bitbucketserver/http-access-tokens-939515499.html#HTTPaccesstokens-UsingHTTPaccesstokens

viceice avatar Mar 16 '23 09:03 viceice

Closing this issue, as we already documented how to use http access tokens

  • https://github.com/renovatebot/renovate/blob/main/lib/modules/platform/bitbucket-server/index.md#authentication
  • https://docs.renovatebot.com/modules/platform/bitbucket-server/#authentication

viceice avatar Mar 16 '23 09:03 viceice

:tada: This issue has been resolved in version 35.9.1 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

renovate-release avatar Mar 16 '23 11:03 renovate-release

Hi, there might be a misunderstanding happening here.

The Bearer Token Authentication in Bitbucket is usually used for repository-/organization-scoped HTTP Access Tokens. These are something else than PAT and cannot be used like them, because they are attached to an org/repo, not a user, and therefore only work via a bearer token header. AFAIK HTTP Access Tokens cannot be used in any auth as a replacement for a password in a username/password combo, like PAT can.

The steps described in the renovate docs mentioned here (link) only describe the workflow for PAT. Same goes for PR #20974 that was associated with this issue. They do not cover the use or integration of http access tokens, just the use of PAT.

If possible, I ask you to reopen this issue as it is not yet resolved and should not have been closed together with PR #20974.

A note on why org/repo scoped HTTP access tokens are useful for people working with BB and renovate: These tokens represent a nice option in Bitbucket (I think you might need a datacenter edition for these tokens to become usable) to give tools like renovate write access to a repository/org (and no more) without the need to create a user account for each project's renovate integration. That last part is important, as there is no difference in BB Server between "human" and "machine" accounts. Both count in full against your developer seats.

What currently happens if you try to use HTTP access tokens with renovate: Sadly, it is currently impossible to use these with renovate, as the startup checks fail due to a missing username, and if you provide an existing or made-up user name to satisfy the renovate startup checks, authentication with bitbucket fails, as these tokens cannot be used in combination with a username (see above).

nilsmahlstaedt avatar Mar 16 '23 15:03 nilsmahlstaedt
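Added example, not part of the thread and not Renovate's code: a sketch of the "username + password OR token" check proposed in the issue, choosing Bearer for a project/repository HTTP access token and Basic for a username with a password or PAT. The function names and the `username`/`password`/`token` field names are assumptions, and rejecting a token combined with a username is a design choice that follows the behaviour described in the comment above.

```javascript
'use strict';
// Illustrative only: hypothetical helper names, constructed credentials.

/**
 * Choose the Authorization header for a Bitbucket Server host rule.
 * Accepts either { token } or { username, password }, never a mix.
 */
function resolveAuthHeader(rule) {
  const username = (rule.username || '').trim();
  const password = rule.password || '';
  const token = rule.token || '';

  if (token && (username || password)) {
    // A repo/project token has no user attached; refuse to guess which
    // credential was meant instead of sending the wrong scheme.
    throw new Error('ambiguous credentials: set token OR username + password');
  }
  if (token) {
    // Project/repository HTTP access token: sent as Bearer, no username.
    return `Bearer ${token}`;
  }
  if (username && password) {
    // Account password, or a personal access token used as the password.
    const basic = Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
    return `Basic ${basic}`;
  }
  throw new Error('missing credentials: need token, or username + password');
}

/** Keep only the scheme so the header can be written to debug logs. */
function redactAuthHeader(header) {
  const [scheme] = header.split(' ', 1);
  return `${scheme} ***`;
}

// Constructed sample rules (not real credentials).
const repoTokenRule = { token: 'constructed-repo-token' };
const patRule = { username: 'renovate-bot', password: 'constructed-pat' };

console.log(redactAuthHeader(resolveAuthHeader(repoTokenRule))); // Bearer ***
console.log(redactAuthHeader(resolveAuthHeader(patRule)));       // Basic ***
```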

@nilsmahlstaedt then the original issue description is wrong, because it speaks about http access token with a link to the docs. There it's clearly written that they can be used as password replacement.

so your use case seems to be different. please provide some docs links about the token type you like to use.

viceice avatar Mar 16 '23 17:03 viceice

Hi, I would like to use the http access tokens as opposed to a user's personal access token to grant renovate write permissions on a repository. The original issue description, while maybe not perfect, does describe the usage of http access token (creation, permissions, usage). [Link to docs in question from original issue description](you can use your user's access token as a substitute for your password) Sadly and in a confusing way, Atlassian is mixing PAT and HTTP Access Tokens when they finish off the help page with ways on how to use both token types in various api and git operations.

In these examples they do mention that "you can use your user's access token as a substitute for your password", but that works just for the referenced PAT and not for HTTP Access Token. The last two examples then go on and actually describe how to use the http tokens and mention the important caveat when using them (above the second to last example):

For project or repository tokens, we recommend only using Bearer Auth without your username

nilsmahlstaedt avatar Mar 16 '23 19:03 nilsmahlstaedt

recommend isn't require, so that's very misleading. 😕

never mind. the reverted PR didn't fix this feature request. there is more work to do additionally, check out the comments of that PR after it was merged.

viceice avatar Mar 16 '23 19:03 viceice

:tada: This issue has been resolved in version 37.288.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

renovate-release avatar Apr 12 '24 08:04 renovate-release