Secure Git credential storage for Windows with support for Visual Studio Team Services, GitHub, and Bitbucket multi-factor authentication.
View the Project on GitHub: microsoft/Git-Credential-Manager-for-Windows

Bitbucket Authentication, 2FA and OAuth

By default, for authenticating against private Git repositories, Bitbucket supports SSH and username/password Basic Auth over HTTPS. Username/password Basic Auth over HTTPS is also available for REST API access. Additionally, Bitbucket supports App-specific passwords, which can be used via Basic Auth as username/app-specific-password.

To enhance security, Bitbucket offers optional Two-Factor Authentication (2FA). When 2FA is enabled, username/password Basic Auth access to the REST APIs and to Git repositories is suspended. At that point users are left with the choice of username/app-specific-password Basic Auth for REST APIs and Git interactions, OAuth for REST APIs and Git/Hg interactions, or SSH for Git/Hg interactions combined with one of the previous choices for REST APIs. SSH and REST API access are beyond the scope of this document. Read about Bitbucket's 2FA implementation.

App-specific passwords are not particularly user friendly, as once created Bitbucket hides their value, even from the owner. They are intended for use within applications that talk to Bitbucket, where the application can remember and use the app-specific password. OAuth is the intended authentication method for user interactions with the HTTPS remote URL of Git repositories when 2FA is active. Essentially, once a client application has an OAuth access token it can be used in place of a user's password. Read more about Bitbucket's OAuth implementation.

Bitbucket's OAuth implementation follows the standard specification for OAuth 2.0, which is out of scope for this document. However, it implements a comparatively rarely used part of OAuth 2.0: Refresh Tokens. Bitbucket's Access Tokens expire after 1 hour if not revoked, as opposed to GitHub's, which expire after 1 year. When GitHub's Access Tokens expire the user must participate in the standard OAuth authentication flow to get a new Access Token. Since this occurs, in theory, once per year, this is not too onerous. Since Bitbucket's Access Tokens expire every hour, it is too much to expect a user to go through the OAuth authentication flow every hour. Refresh Tokens are issued to the client application at the same time as Access Tokens. They can only be used to request a new Access Token, and then only if they have not been revoked. As such, the support for Bitbucket and the use of its OAuth in the Git Credential Manager differs significantly from how VSTS and GitHub are implemented.

Unlike the GitHub implementation within the Git Credential Manager, the Bitbucket implementation stores 'secrets' (passwords, app-specific passwords, or OAuth tokens) together with usernames in the Windows Credential Manager vault. Depending on the circumstances this means either saving an explicit username into the Windows Credential Manager/Vault or including the username in the URL used as the identifying key of entries in the Windows Credential Manager vault. This means that the Bitbucket implementation in the GCM can support multiple accounts, and usernames, for a single user against Bitbucket.

When the GCM is triggered by Git, the GCM will check the host parameter passed to it. If it contains the Bitbucket host it will trigger the Bitbucket related processes. If the GCM needs to prompt the user for credentials they will always be shown an initial dialog where they can enter a username and password. If the username parameter was passed into the GCM it is used to pre-populate the username field, although it can be overridden. When username and password credentials are submitted, the GCM will use them to attempt to retrieve a token; for Basic Authentication this token is in effect the password the user just entered. The GCM retrieves this token by checking that the password can be used to successfully retrieve the User profile via the Bitbucket REST API. If the username and password credentials sent as Basic Authentication credentials work, then the password is identified as the token. The credentials, the username and the password/token, are then stored and the values returned to Git. If the request for the User profile via the REST API fails with a 401 return code it indicates the username/password combination is invalid; nothing is stored and nothing is returned to Git.
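The Basic Authentication flow described above, as an added example that is not code from the Git Credential Manager project: a Python simulation of the credential-helper "get" step. The host check, the profile endpoint path, the vault key layout (`https://username@host`), the fake account table and the `fake_user_profile_request` stand-in for the Bitbucket REST API are all constructed assumptions for the example; the real GCM is a C# program talking to the live API.

```python
"""Simulate the GCM Bitbucket Basic Authentication flow (added example, not GCM code).

A fake Bitbucket REST endpoint replaces the real user-profile request; only the two
outcomes the documentation distinguishes (200 = valid, 401 = invalid) are modelled.
"""
import base64
from dataclasses import dataclass, field

BITBUCKET_HOST = "bitbucket.org"      # assumption: host the GCM looks for in the request
USER_PROFILE_PATH = "/2.0/user"        # assumption: profile endpoint the password is tested against

# Constructed account table standing in for Bitbucket's user database.
_FAKE_ACCOUNTS = {"alice": "s3cret-app-password", "bob": "hunter2"}


def basic_header(username: str, password: str) -> str:
    """Build the Authorization header value for HTTP Basic Authentication."""
    raw = f"{username}:{password}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def fake_user_profile_request(authorization: str) -> int:
    """Return the HTTP status a GET of USER_PROFILE_PATH would produce (constructed)."""
    scheme, _, token = authorization.partition(" ")
    if scheme != "Basic":
        return 401
    try:
        user, _, password = base64.b64decode(token).decode().partition(":")
    except Exception:
        return 401
    return 200 if _FAKE_ACCOUNTS.get(user) == password else 401


@dataclass
class Vault:
    """Stand-in for the Windows Credential Manager vault. Entries are keyed by a URL
    that embeds the username, so several Bitbucket accounts can coexist."""
    entries: dict = field(default_factory=dict)

    @staticmethod
    def key(host: str, username: str) -> str:
        return f"https://{username}@{host}"   # assumption: key layout

    def store(self, host: str, username: str, secret: str) -> None:
        self.entries[self.key(host, username)] = secret


def acquire_credential(request: dict, vault: Vault, prompt) -> dict:
    """Mimic the 'get' step of a Git credential helper for Bitbucket.

    request -- fields Git passes to the helper (protocol, host, optional username)
    prompt  -- callable(prefilled_username) -> (username, password); models the dialog
    Returns the fields handed back to Git, or {} when nothing is returned.
    """
    host = request.get("host", "")
    if BITBUCKET_HOST not in host:
        return {}                          # not Bitbucket: Bitbucket logic is not triggered
    # The dialog is pre-populated with any username Git supplied, but it may be overridden.
    username, password = prompt(request.get("username", ""))
    # For Basic Authentication the "token" is the password itself, and it is only
    # accepted if it can successfully fetch the user profile.
    status = fake_user_profile_request(basic_header(username, password))
    if status == 401:
        return {}                          # invalid pair: store nothing, return nothing
    vault.store(host, username, password)
    return {"username": username, "password": password}


def to_git_output(fields: dict) -> str:
    """Render helper output in Git's key=value credential protocol."""
    return "".join(f"{k}={v}\n" for k, v in fields.items())


if __name__ == "__main__":
    v = Vault()
    req = {"protocol": "https", "host": "bitbucket.org", "username": "alice"}
    print(to_git_output(acquire_credential(req, v, lambda u: (u, "s3cret-app-password"))))
    print(v.entries)
```

Running the block shows a valid pair being stored under a username-qualified key and echoed back to Git, while an invalid pair leaves the vault untouched and returns nothing, which is exactly the 401 branch in the text.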
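The Refresh Token behaviour described in the OAuth section above, as an added example that is not code from the Git Credential Manager project: a client keeps a Bitbucket-style credential usable across the one-hour Access Token lifetime by exchanging the Refresh Token, and falls back to signalling that the full OAuth flow is needed once that Refresh Token has been revoked. The `FakeTokenEndpoint` is a constructed in-memory stand-in that handles only the standard `refresh_token` grant (RFC 6749 section 6); the real Bitbucket endpoint, client registration and exact response shape are assumptions and not modelled.

```python
"""Keep an OAuth credential usable across short access-token lifetimes (added example).

Models the documented behaviour: access tokens expire after one hour, refresh tokens are
issued alongside them and can only mint a new access token while not revoked.
"""
import secrets
from dataclasses import dataclass

ACCESS_TOKEN_LIFETIME = 3600   # seconds: Bitbucket access tokens expire after 1 hour


@dataclass
class OAuthCredential:
    access_token: str
    refresh_token: str
    expires_at: float          # absolute time (seconds) at which the access token expires


class FakeTokenEndpoint:
    """Constructed stand-in for an OAuth 2.0 token endpoint (refresh_token grant only)."""

    def __init__(self):
        self.valid_refresh = set()
        self.revoked = set()

    def issue(self, now: float) -> OAuthCredential:
        """Simulate the end of the interactive authorization flow: both tokens issued together."""
        cred = OAuthCredential(secrets.token_hex(8), secrets.token_hex(8),
                               now + ACCESS_TOKEN_LIFETIME)
        self.valid_refresh.add(cred.refresh_token)
        return cred

    def revoke(self, refresh_token: str) -> None:
        """Model the user (or provider) revoking a refresh token."""
        self.valid_refresh.discard(refresh_token)
        self.revoked.add(refresh_token)

    def post(self, params: dict):
        """Return (status, body) as an HTTP token endpoint would."""
        if params.get("grant_type") != "refresh_token":
            return 400, {"error": "unsupported_grant_type"}
        rt = params.get("refresh_token")
        if rt not in self.valid_refresh:
            return 400, {"error": "invalid_grant"}   # revoked or unknown refresh token
        return 200, {"access_token": secrets.token_hex(8), "refresh_token": rt,
                     "expires_in": ACCESS_TOKEN_LIFETIME, "token_type": "bearer"}


def usable_access_token(cred: OAuthCredential, endpoint: FakeTokenEndpoint,
                        now: float, skew: int = 60):
    """Return (access_token, credential, reauth_needed).

    Hands back the stored access token while it is not within `skew` seconds of expiry;
    otherwise exchanges the refresh token. If that exchange fails the refresh token has
    been revoked and the user must go through the full OAuth flow again.
    """
    if now + skew < cred.expires_at:
        return cred.access_token, cred, False
    status, body = endpoint.post({"grant_type": "refresh_token",
                                  "refresh_token": cred.refresh_token})
    if status != 200:
        return None, cred, True
    # Assumption: the provider may or may not rotate the refresh token; keep the old one if not.
    new = OAuthCredential(body["access_token"],
                          body.get("refresh_token", cred.refresh_token),
                          now + body["expires_in"])
    return new.access_token, new, False


if __name__ == "__main__":
    ep = FakeTokenEndpoint()
    cred = ep.issue(now=0)
    for t in (100, 3600, 7300):
        token, cred, reauth = usable_access_token(cred, ep, now=t)
        print(t, token, reauth)
```

The `skew` margin refreshes slightly before the hour is up so a Git push started just before expiry does not fail mid-operation; the `reauth_needed` flag is the point at which a credential helper would drop the stored entry and show the interactive OAuth flow again.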